Monitoring Splunk

Distributed Monitoring console unable to find indexers

responsys_cm
Builder

I followed the instructions for setting up the monitoring console in distributed mode. I have added the cluster master, search heads, and deployment servers as search peers.

The monitoring console can see the cluster master and identify the number of buckets, amount of data, CPU utilization, etc. But none of the index cluster members show up.

It is a multi-site cluster with two sites. Does the monitoring console need to be in site0? Any other ideas on what might be causing this issue?

Thx.

0 Karma

dkeck
Influencer

Hi,

You need to add the Monitoring Console search head as a cluster search head; the master will then let the MC SH know of all indexer peers automatically, present or future ones 🙂

https://docs.splunk.com/Documentation/Splunk/7.2.3/Indexer/Enablethesearchhead

If the answer helped please accept it 🙂

dkeck
Influencer

Did this work for you?

If it helped, please accept the question 🙂

0 Karma

SteveBowser
Explorer

This helped me out (over 2 years later). We just need to remember to go to the MC ==> General Setup and accept the changes after adding the MC Server as a Cluster Search Peer. Thank you.

0 Karma
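The setup described in the two replies above, written out as a `server.conf` fragment for the Monitoring Console instance. This is an added example, not part of the original thread: the master hostname and the secret are placeholders, and `site0` is an assumed choice (it disables search affinity; a real site such as `site1` is also a valid value).

```ini
# $SPLUNK_HOME/etc/system/local/server.conf on the Monitoring Console host
# (added example; host name and secret below are placeholders)

[general]
# A search head in a multisite cluster must declare a site.
# site0 = no search affinity, so the MC searches peers on both sites.
site = site0

[clustering]
# Join the indexer cluster as a search head. The master then hands this
# instance the list of indexer peers, including peers added later, so the
# clustered indexers are not added by hand under
# Settings -> Distributed search -> Search peers.
mode = searchhead
master_uri = https://cm.example.com:8089
multisite = true
# Must match the pass4SymmKey set in [clustering] on the cluster master.
pass4SymmKey = <cluster_secret>

# After editing: restart splunkd on this instance, then open
# MC -> Settings -> General Setup, check that the indexers are listed
# with the correct roles, and apply the changes.
```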

sudosplunk
Motivator

I guess you should add all indexers to the Splunk Enterprise instance which hosts your MC.

You can do it via the server which contains the Monitoring Console UI

Main Splunk -> Settings -> Distributed search -> Search peers, and add/authenticate your indexers which are missing.
Then in the MC, Settings -> Distributed -> Apply Changes (ensure all the indexers are in the list below and roles are correct).

Refer to this doc for more details on how to activate distributed search.

0 Karma

jawaharas
Motivator

But the Splunk doc advises us not to add indexers manually as search peers. (Refer to the 5th point, "Do not add clustered indexers".)

https://docs.splunk.com/Documentation/Splunk/7.2.3/DMC/Addinstancesassearchpeers

0 Karma