Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How does a Splunk server decide which IP to use when it connects to a master node?

alanzchan
Path Finder
‎08-14-2019 12:42 PM

We have two IPs for a single indexer host.

We are using this command to add a peer to the indexer cluster:

/opt/splunk/bin/splunk edit cluster-config -mode slave -master_uri https://<deployment server>:8089 -replication_port 8080 -secret <REDACTED>

How does the indexer(slave node) decide which IP to use? Is there a configuration we can use to determine which IP Splunk uses to connect to the master node?

0 Karma
Reply

skalliger
Motivator
‎08-16-2019 03:10 AM

Hi,

you can either control this yourself or let the OS decide. Refer to the splunk-launch.conf:

SPLUNK_BINDIP=
Specifies an interface that splunkd and splunkweb should bind to, as
opposed to binding to the default for the local operating system.
If unset, Splunk makes no specific request to the operating system when
binding to ports/opening a listening socket. This means it effectively
binds to '*'; i.e. an unspecified bind. The exact result of this is
controlled by operating system behavior and configuration.

Skalli

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...