Cluster endpoint descriptions
Manage indexer clusters and search head clusters in Splunk Enterprise.
To distinguish indexer cluster endpoints from search cluster endpoints, note:
- Indexer cluster endpoints: Endpoints that contain
cluster
in their URIs pertain to indexer clusters. - Search head cluster endpoints: Endpoints that contain
shcluster
in their URIs pertain to search head clusters.
The values manager
and peer
replace the prior values of master
and slave
. The prior values are currently still supported, but they will be removed from the product in a future release.
Usage details
Review ACL information for an endpoint
To check Access Control List (ACL) properties for an endpoint, append /acl
to the path. For more information see Access Control List in the REST API User Manual.
Authentication and Authorization
Username and password authentication is required for access to endpoints and REST operations.
Splunk users must have role and/or capability-based authorization to use REST endpoints. Users with an administrative role, such as admin
, can access authorization information in Splunk Web. To view the roles assigned to a user, select Settings > Access controls and click Users. To determine the capabilities assigned to a role, select Settings > Access controls and click Roles.
App and user context
Typically, knowledge objects, such as saved searches or event types, have an app/user context that is the namespace. For more information about specifying a namespace, see Namespace in the REST API User Manual.
Splunk Cloud Platform limitations
As a Splunk Cloud Platform user, you are restricted to interacting with the search tier only with the REST API. Cluster endpoints are generally not accessible in Splunk Cloud Platform.
Authorized users can access and configure other indexer cluster nodes, including indexer or cluster manager, or license manager nodes, in the Splunk Cloud Platform manager user interface.
See Access requirements and limitations for the Splunk Cloud Platform REST API in the the REST API Tutorials manual for more information.
Indexer cluster endpoints
The endpoints in this section pertain to indexer clusters.
All endpoints that contain cluster
in their URIs pertain to indexer clusters. In this section, if a URI contains the term search head, it refers to search head nodes in the indexer cluster. The term peer node refers to peer nodes in the indexer cluster. For more information about indexer cluster architecture, see The basics of indexer cluster architecture and Search head configuration overview in the Managing Indexers and Clusters of Indexers manual.
cluster/config
https://<host>:<mPort>/services/cluster/config
Access cluster node configuration details.
GET
List cluster node configuration.
Request parameters
Pagination and filtering parameters can be used with this method.
Returned values
Name | Description |
---|---|
cxn_timeout | Low-level timeout, in seconds, for establishing connection between cluster nodes. Defaults to 60 seconds. |
disabled | Indicates if this node is disabled. |
forwarderdata_rcv_port | The port from which to receive data from a forwarder. |
forwarderdata_use_ssl | Indicates whether to use SSL when receiving data from a forwarder. |
heartbeat_period | Only valid for peer nodes in a cluster. The time, in seconds, that a peer attempts to send a heartbeat to the manager |
heartbeat_timeout | Only valid for the manager node in a cluster configuration. The time, in seconds, before a manager considers a peer down. Once a peer is down, the manager initiates steps to replicate buckets from the dead peer to its live peers. Defaults to 60 seconds. |
manager_uri | Valid only for nodes configured as a peer or searchhead.
URI of the cluster manager to which this node connects. |
max_peer_build_load | The number of jobs that a peer can have in progress at any time that make the bucket searchable. |
max_peer_rep_load | Maximum number of replications that can be ongoing as a target. |
mode | Valid values: (manager | peer | searchhead | disabled) Defaults to disabled.
Sets operational mode for this cluster node. Only one manager may exist per cluster. |
ping_flag | For internal use to facilitate communication between the manager and peers. |
quiet_period | The time, in seconds, that a manager waits for peers to add themselves to the cluster. |
rcv_timeout | Low-level timeout, in seconds, for receiving data between cluster nodes. Defaults to 60 seconds. |
register_forwarder_address | Not used.
Reserved for future use. |
register_replication_address | Valid only for nodes configured as peers. The address on which a peer is available for accepting replication data. This is useful in the cases where a peer host machine has multiple interfaces and only one of them can be reached by another splunkd instance. |
register_search_address | IP address that advertises this indexer to search heads. |
rep_cxn_timeout | Low-level timeout, in seconds, for establishing a connection for replicating data. |
rep_max_rcv_timeout | Maximum cumulative time, in seconds, for receiving acknowledgement data from peers. Defaults to 600s. |
rep_max_send_timeout | Maximum time, in seconds, for sending replication slice data between cluster nodes. Defaults to 600s. |
rep_rcv_timeout | Low-level timeout, in seconds, for receiving data between cluster nodes. |
rep_send_timeout | Low-level timeout, in seconds, for sending replication data between cluster nodes. Defaults to 5 seconds. |
replication_factor | Only valid for nodes configured as a manager.
Determines how many copies of raw data are created in the cluster. This could be less than the number of cluster peers. Must be greater than 0 and greater than or equal to the search factor. Defaults to 3. |
replication_port | TCP port to listen for replicated data from another cluster member. |
replication_use_ssl | Indicates whether to use SSL when sending replication data. |
restart_timeout | Only valid for nodes configured as a manager. The amount of time, in seconds, the manager waits for a peer to come back when the peer is restarted (to avoid the overhead of trying to fix the buckets that were on the peer). Defaults to 600 seconds.
Note: This only works if the peer is restarted from Splunk Web. |
search_factor | Only valid for nodes configured as a manager. Determines how many searchable copies of each bucket to maintain. Must be less than or equal to replication_factor and greater than 0. Defaults to 2. |
secret | Secret shared among the nodes in the cluster to prevent any arbitrary node from connecting to the cluster. If a peer or searchhead is not configured with the same secret as the manager, it is not able to communicate with the manager.
Corresponds to pass4SymmKey setting in |
send_timeout | Low-level timeout, in seconds, for sending data between cluster nodes. Defaults to 60 seconds. |
summary_replication | Boolean indicator of whether summary replication is on or off. A true value means that it is turned on.
|
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/config
XML Response
<title>clusterconfig</title> <id>https://localhost:8089/services/cluster/config</id> <updated>2012-09-05T10:19:49-07:00</updated> <generator build="136169" version="5.0"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/config/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>config</title> <id>https://localhost:8089/services/cluster/config/config</id> <updated>2012-09-05T10:19:49-07:00</updated> <link href="/services/cluster/config/config" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/config/config" rel="list"/> <link href="/services/cluster/config/config/_reload" rel="_reload"/> <link href="/services/cluster/config/config" rel="edit"/> <link href="/services/cluster/config/config/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="cxn_timeout">60</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... <s:key name="forwarderdata_rcv_port">0</s:key> <s:key name="forwarderdata_use_ssl">1</s:key> <s:key name="heartbeat_period">1</s:key> <s:key name="heartbeat_timeout">60</s:key> <s:key name="manager_uri"></s:key> <s:key name="max_peer_build_load">5</s:key> <s:key name="max_peer_rep_load">5</s:key> <s:key name="mode">manager</s:key> <s:key name="ping_flag">1</s:key> <s:key name="quiet_period">60</s:key> <s:key name="rcv_timeout">60</s:key> <s:key name="register_forwarder_address"></s:key> <s:key name="register_replication_address"></s:key> <s:key name="register_search_address"></s:key> <s:key name="rep_cxn_timeout">5</s:key> <s:key name="rep_max_rcv_timeout">600</s:key> <s:key name="rep_max_send_timeout">600</s:key> <s:key name="rep_rcv_timeout">10</s:key> <s:key name="rep_send_timeout">5</s:key> <s:key name="replication_factor">2</s:key> <s:key name="replication_port"></s:key> <s:key name="replication_use_ssl">0</s:key> <s:key name="restart_timeout">600</s:key> <s:key name="search_factor">2</s:key> <s:key name="secret">********</s:key> <s:key name="send_timeout">60</s:key> </s:dict> </content> </entry>
cluster/config/config
https://<host>:<mPort>/services/cluster/config/config
Manage cluster node configuration details.
GET
List cluster node configuration.
This operation works identically to the GET on cluster/config
.
POST
Manage configuration details.
See Indexer cluster configuration overview in Managing Indexers and Clusters of Indexers and the [clustering]
stanza options in the server.conf spec file for more details on indexer cluster configuration.
Request parameters
Name | Datatype | Description |
---|---|---|
available_sites | N/A | Sets the various sites that are recognized for this manager. Valid values include site1 to site64 .
|
cluster_label | String | Label for this cluster. |
cxn_timeout | Number | Low-level timeout, in seconds, for establishing connection between cluster nodes. Defaults to 60 seconds. |
heartbeat_period | Number | Only valid for peer nodes in a cluster. Time, in seconds, that a peer attempts to send a heartbeat to the manager |
heartbeat_timeout | Number | Only valid for the manager node in a cluster configuration. Time, in seconds, before a manager considers a peer down. Once a peer is down, the manager initiates steps to replicate buckets from the dead peer to its live peers. Defaults to 60 seconds. |
manager_uri | URI | Valid only for nodes configured as a peer or searchhead. URI of the cluster manager to which this node connects. |
max_peer_build_load | Number | The number of jobs that a peer can have in progress at any time that make the bucket searchable. |
max_peer_rep_load | Number | Maximum number of replications that can be ongoing as a target. |
mode | See description. | Required. Valid values: (manager | peer | searchhead | disabled) Defaults to disabled. Sets operational mode for this cluster node. Only one manager may exist per cluster. |
multisite | Boolean | Enable or disable the multisite feature for this cluster. |
notify_scan_period | Non-zero number | Controls the frequency that the indexer scans summary folders for summary updates. Only used when summary_replication is enabled on the manager. Defaults to 10 seconds.
|
ping_flag | N/A | For internal use to facilitate communication between the manager and peers. |
quiet_period | Number | The time, in seconds, that a manager waits for peers to add themselves to the cluster. |
rcv_timeout | Number | Low-level timeout, in seconds, for receiving data between cluster nodes. Defaults to 60 seconds. |
register_forwarder_address | N/A | Reserved for future use. |
register_replication_address | See description. | Valid only for nodes configured as peers. The address on which a peer is available for accepting replication data. This is useful in the cases where a peer host machine has multiple interfaces and only one of them can be reached by another splunkd instance. |
register_search_address | N/A | IP address that advertises this indexer to search heads. |
rep_cxn_timeout | Number | Low-level timeout, in seconds, for establishing a connection for replicating data. |
rep_max_rcv_timeout | Number | Maximum cumulative time, in seconds, for receiving acknowledgement data from peers. Defaults to 600s. |
rep_max_send_timeout | Number | Maximum time, in seconds, for sending replication slice data between cluster nodes. Defaults to 600s. |
rep_rcv_timeout | Number | Low-level timeout, in seconds, for receiving data between cluster nodes. |
rep_send_timeout | Number | Low-level timeout, in seconds, for sending replication data between cluster nodes. Defaults to 5 seconds. |
replication_factor | Number | Only valid for nodes configured as a manager. Determines how many copies of raw data are created in the cluster. This could be less than the number of cluster peers. Must be greater than 0 and greater than or equal to the search factor. Defaults to 3. |
replication_port | Number | TCP port to listen for replicated data from another cluster member. |
replication_use_ssl | Number | Indicates whether to use SSL when sending replication data. |
restart_timeout | Number | Only valid for nodes configured as a manager. The amount of time, in seconds, the manager waits for a peer to come back when the peer is restarted (to avoid the overhead of trying to fix the buckets that were on the peer). Defaults to 600 seconds.
Note: This only works if the peer is restarted from Splunk Web. |
search_factor | Number | Only valid for nodes configured as a manager. Determines how many searchable copies of each bucket to maintain. Must be less than or equal to replication_factor and greater than 0. Defaults to 2. |
secret | N/A | Secret shared among the nodes in the cluster to prevent any arbitrary node from connecting to the cluster. If a peer or searchhead is not configured with the same secret as the manager, it is not able to communicate with the manager. Corresponds to pass4SymmKey setting in server.conf .
|
send_timeout | Number | Low-level timeout, in seconds, for sending data between cluster nodes. Defaults to 60 seconds. |
site | N/A | Site ID for peer/searchhead indexer. Valid values include site1 to site64 .
|
site_replication_factor | Number | Replication factor for a multisite configuration. |
site_search_factor | Number | Search factor for a multisite configuration. |
summary_replication | Boolean | Enable or disable summary replication. |
use_batch_mask_changes | Boolean | Only valid for mode=manager .Specifies if the manager should process bucket mask changes in
batch or inidividually one by one. Defaults to true. Set to false when there are 6.1 peers in the cluster for backwards compatibility. |
Response data keys
None.
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/config/config -d cxn_timeout=59
XML Response
<title>clusterconfig</title> <id>https://localhost:8089/services/cluster/config</id> <updated>2015-12-07T17:09:48-08:00</updated> <generator build="917abedc8bb44ec1c225a6eb730808a606174cf0" version="20151123"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/config/_reload" rel="_reload"/> <link href="/services/cluster/config/_acl" rel="_acl"/> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/>
cluster/manager/buckets
https://<host>:<mPort>/services/cluster/manager/buckets
Provides bucket configuration information for a cluster manager node.
GET
List cluster manager node bucket configuration.
Request parameters
Use an &summaries=true
field in the query string to show summaries.
Use one or more filters in the query string to select buckets or bucket states. For example, use this URL to filter buckets returned for both the main
index and StreamingSource
status.
https://localhost:8089/services/cluster/manager/buckets?filter=index=main&filter=status=StreamingSource
See the following table for available filters.
Filter name | Datatype | Description |
---|---|---|
index | String | Index name. |
status | String | Bucket state. Available options are
|
search_state | String | Bucket search state. Available options are
|
replication_count | Number | Use <, >, != or = with numbers to indicate filtering values. |
search_count | Number | Use <, >, != or = with numbers to indicate filtering values. |
bucket_size | Number | Use <, >, != or = with numbers to indicate filtering values. |
frozen | Boolean true | false |
Return frozen buckets or non-frozen buckets. |
has_primary | Booleantrue | false |
Return buckets with primaries or without primaries. |
meets_multisite_replication_count | Booleantrue | false |
Return buckets that meet cluster replication policy or buckets that do not meet cluster replication policy. |
meets_multisite_search_count | Booleantrue | false |
Return buckets that meet cluster search policy or buckets that do not meet cluster search policy. |
multisite_bucket | Booleantrue | false |
Return buckets created in multisite mode or buckets not created in multisite mode. |
origin_site | String | Site of the indexer where buckets were created. |
standalone | Booleantrue | false |
Use true or 1 to return standalone buckets. Use false or 0 to return clustered buckets.
|
Pagination and filtering parameters can be used with this method.
Returned values
Name | Description |
---|---|
bucket_size | Indicates the size, in bytes, of the bucket. |
constrain_to_origin_site | Flag indicating this particular bucket is a clustered pre-multisite bucket. Such buckets are replicated only within their origin site. |
frozen | Indicates if the bucket is frozen. |
index | Name of the index to which the bucket belongs. |
origin_site | Where the bucket originated. |
peers | Lists information about buckets on peers to this manager. |
primaries_by_site | Primary peer (GIUD). |
rep_count_by_site | Number of buckets. |
search_count_by_site | Number of searchable buckets. |
service_after_time | Bucket service is deferred until after this time. |
standalone | Indicates if the bucket was created on the peer before the peer entered into a cluster configuration with this manager. |
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/manager/buckets
XML Response
<title>clustermanagerbuckets</title> <id>https://localhost:8089/services/cluster/manager/buckets</id> <updated>2014-04-17T19:13:57+00:00</updated> <generator build="204899" version="6.1"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/manager/buckets/_new" rel="create"/> <opensearch:totalResults>24</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>_audit~0~238C3311-F0A4-4A9B-97F0-53667CFFEEAB</title> <id>https://localhost:8089/services/cluster/manager/buckets/_audit~0~238C3311-F0A4-4A9B-97F0-53667CFFEEAB</id> <updated>2014-04-17T19:13:57+00:00</updated> <link href="/services/cluster/manager/buckets/_audit~0~238C3311-F0A4-4A9B-97F0-53667CFFEEAB" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/buckets/_audit~0~238C3311-F0A4-4A9B-97F0-53667CFFEEAB" rel="list"/> <link href="/services/cluster/manager/buckets/_audit~0~238C3311-F0A4-4A9B-97F0-53667CFFEEAB" rel="remove"/> <content type="text/xml"> <s:dict> <s:key name="bucket_size">47187</s:key> <s:key name="constrain_to_origin_site">1</s:key> <s:key name="eai:acl"> ... elided ... </s:key> <s:key name="frozen">0</s:key> <s:key name="index">_audit</s:key> <s:key name="origin_site">site2</s:key> <s:key name="peers"> <s:dict> <s:key name="238C3311-F0A4-4A9B-97F0-53667CFFEEAB"> <s:dict> <s:key name="bucket_flags">0x6</s:key> <s:key name="checksum"></s:key> <s:key name="checksum_state">StableCksum</s:key> <s:key name="search_state">Searchable</s:key> <s:key name="status">Complete</s:key> </s:dict> </s:key> <s:key name="C878FADC-513D-4BDD-BA48-F25BB82FE565"> <s:dict> <s:key name="bucket_flags">0x0</s:key> <s:key name="checksum"></s:key> <s:key name="checksum_state">StableCksum</s:key> <s:key name="search_state">Searchable</s:key> <s:key name="status">Complete</s:key> </s:dict> </s:key> <s:key name="E4B2C5E4-0961-4F3A-A5F7-C3A4BB6B518C"> <s:dict> <s:key name="bucket_flags">0x0</s:key> <s:key name="checksum"></s:key> <s:key name="checksum_state">StableCksum</s:key> <s:key name="search_state">Unsearchable</s:key> <s:key name="status">Complete</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="primaries_by_site"> <s:dict> <s:key name="site1">238C3311-F0A4-4A9B-97F0-53667CFFEEAB</s:key> <s:key name="site2">238C3311-F0A4-4A9B-97F0-53667CFFEEAB</s:key> </s:dict> </s:key> <s:key name="rep_count_by_site"> <s:dict> <s:key name="site2">3</s:key> </s:dict> </s:key> <s:key name="search_count_by_site"> <s:dict> <s:key name="site2">2</s:key> </s:dict> </s:key> <s:key name="service_after_time">0</s:key> <s:key name="standalone">0</s:key> </s:dict> </content> </entry> <entry> . . . elided . . . <entry> <title>_internal~1~E4B2C5E4-0961-4F3A-A5F7-C3A4BB6B518C</title> <id>https://localhost:8089/services/cluster/manager/buckets/_internal~1~E4B2C5E4-0961-4F3A-A5F7-C3A4BB6B518C</id> <updated>2014-04-17T19:13:57+00:00</updated> <link href="/services/cluster/manager/buckets/_internal~1~E4B2C5E4-0961-4F3A-A5F7-C3A4BB6B518C" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/buckets/_internal~1~E4B2C5E4-0961-4F3A-A5F7-C3A4BB6B518C" rel="list"/> <link href="/services/cluster/manager/buckets/_internal~1~E4B2C5E4-0961-4F3A-A5F7-C3A4BB6B518C" rel="remove"/> <content type="text/xml"> <s:dict> <s:key name="bucket_size"></s:key> <s:key name="constrain_to_origin_site">0</s:key> <s:key name="eai:acl"> ... elided ... </s:key> <s:key name="frozen">0</s:key> <s:key name="index">_internal</s:key> <s:key name="origin_site">site2</s:key> <s:key name="peers"> <s:dict> <s:key name="61666763-43E9-411B-9464-D80A5119EF0E"> <s:dict> <s:key name="bucket_flags">0x2</s:key> <s:key name="checksum"></s:key> <s:key name="checksum_state">StableCksum</s:key> <s:key name="search_state">Searchable</s:key> <s:key name="status">StreamingTarget</s:key> </s:dict> </s:key> <s:key name="C878FADC-513D-4BDD-BA48-F25BB82FE565"> <s:dict> <s:key name="bucket_flags">0x0</s:key> <s:key name="checksum"></s:key> <s:key name="checksum_state">StableCksum</s:key> <s:key name="search_state">Unsearchable</s:key> <s:key name="status">StreamingTarget</s:key> </s:dict> </s:key> <s:key name="E4B2C5E4-0961-4F3A-A5F7-C3A4BB6B518C"> <s:dict> <s:key name="bucket_flags">0x4</s:key> <s:key name="checksum"></s:key> <s:key name="checksum_state">StableCksum</s:key> <s:key name="search_state">Searchable</s:key> <s:key name="status">StreamingSource</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="primaries_by_site"> <s:dict> <s:key name="site1">61666763-43E9-411B-9464-D80A5119EF0E</s:key> <s:key name="site2">E4B2C5E4-0961-4F3A-A5F7-C3A4BB6B518C</s:key> </s:dict> </s:key> <s:key name="rep_count_by_site"> <s:dict> <s:key name="site1">1</s:key> <s:key name="site2">2</s:key> </s:dict> </s:key> <s:key name="search_count_by_site"> <s:dict> <s:key name="site1">1</s:key> <s:key name="site2">1</s:key> </s:dict> </s:key> <s:key name="service_after_time">0</s:key> <s:key name="standalone">0</s:key> </s:dict> </content> </entry>
cluster/manager/buckets/{name}
https://<host>:<mPort>/services/cluster/manager/buckets/{name}
Access bucket configuration information.
GET
List bucket configuration information.
Request parameters
The filter
parameter of the Pagination and filtering parameters can be used with this method.
Returned values
Name | Description |
---|---|
bucket_size | Indicates the size, in bytes, of the bucket. |
constrain_to_origin_site | Flag indicating this particular bucket is a clustered pre-multisite bucket. Such buckets are replicated only within their origin site. |
frozen | Indicates if the bucket is frozen. |
index | Name of the index to which the bucket belongs. |
origin_site | Where the bucket originated. |
peers | Lists information about buckets on peers to this manager. |
primaries_by_site | Primary peer (GIUD). |
rep_count_by_site | Number of buckets. |
search_count_by_site | Number of searchable buckets. |
service_after_time | Bucket service is deferred until after this time. |
standalone | Indicates if the bucket was created on the peer before the peer entered into a cluster configuration with this manager. |
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/manager/buckets/internal~1~238C3311-F0A4-4A9B-97F0-53667CFFEEAB
XML Response
<title>clustermanagerbuckets</title> <id>https://localhost:8089/services/cluster/manager/buckets</id> <updated>2014-04-17T19:16:03+00:00</updated> <generator build="204899" version="6.1"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/manager/buckets/_new" rel="create"/> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>_internal~1~238C3311-F0A4-4A9B-97F0-53667CFFEEAB</title> <id>https://localhost:8089/services/cluster/manager/buckets/_internal~1~238C3311-F0A4-4A9B-97F0-53667CFFEEAB</id> <updated>2014-04-17T19:16:03+00:00</updated> <link href="/services/cluster/manager/buckets/_internal~1~238C3311-F0A4-4A9B-97F0-53667CFFEEAB" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/buckets/_internal~1~238C3311-F0A4-4A9B-97F0-53667CFFEEAB" rel="list"/> <link href="/services/cluster/manager/buckets/_internal~1~238C3311-F0A4-4A9B-97F0-53667CFFEEAB" rel="remove"/> <content type="text/xml"> <s:dict> <s:key name="bucket_size"></s:key> <s:key name="constrain_to_origin_site">0</s:key> <s:key name="eai:acl"> ... elided ... </s:key> <s:key name="eai:attributes"> ... elided ... </s:key> <s:key name="frozen">0</s:key> <s:key name="index">_internal</s:key> <s:key name="origin_site">site2</s:key> <s:key name="peers"> <s:dict> <s:key name="238C3311-F0A4-4A9B-97F0-53667CFFEEAB"> <s:dict> <s:key name="bucket_flags">0x4</s:key> <s:key name="checksum"></s:key> <s:key name="checksum_state">StableCksum</s:key> <s:key name="search_state">Searchable</s:key> <s:key name="status">StreamingSource</s:key> </s:dict> </s:key> <s:key name="29F9560E-A44A-425C-8753-1C6158B46C84"> <s:dict> <s:key name="bucket_flags">0x2</s:key> <s:key name="checksum"></s:key> <s:key name="checksum_state">StableCksum</s:key> <s:key name="search_state">Searchable</s:key> <s:key name="status">StreamingTarget</s:key> </s:dict> </s:key> <s:key name="C878FADC-513D-4BDD-BA48-F25BB82FE565"> <s:dict> <s:key name="bucket_flags">0x0</s:key> <s:key name="checksum"></s:key> <s:key name="checksum_state">StableCksum</s:key> <s:key name="search_state">Unsearchable</s:key> <s:key name="status">StreamingTarget</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="primaries_by_site"> <s:dict> <s:key name="site1">29F9560E-A44A-425C-8753-1C6158B46C84</s:key> <s:key name="site2">238C3311-F0A4-4A9B-97F0-53667CFFEEAB</s:key> </s:dict> </s:key> <s:key name="rep_count_by_site"> <s:dict> <s:key name="site1">1</s:key> <s:key name="site2">2</s:key> </s:dict> </s:key> <s:key name="search_count_by_site"> <s:dict> <s:key name="site1">1</s:key> <s:key name="site2">1</s:key> </s:dict> </s:key> <s:key name="service_after_time">0</s:key> <s:key name="standalone">0</s:key> </s:dict> </content> </entry>
cluster/manager/buckets/{bucket_id}/fix
https://<host>:<mPort>/services/cluster/manager/buckets/{bucket_id}/fix
Add the specified bucket to the fix list.
For more information, see Bucket-fixing scenarios in Managing Indexers and Clusters of Indexers.
Authentication and Authorization
Requires the admin
role or indexes_edit
capability.
POST
Add this bucket to the fix list.
Request parameters
None
Returned values
None
Example request and response
XML Request
curl -k -u admin:changeme https://localhost:8089/services/cluster/manager/buckets/_internal~0~111175BA-00DF-4CFE-9AEC-48A87B97EC71/fix -X POST
XML Response
<title>clustermanagerbuckets</title> <id>https://localhost:8089/services/cluster/manager/buckets</id> <updated>2015-11-04T12:23:57-08:00</updated> <generator build="8effae892620f7b651853d141b7b7a6b61b929c0" version="20151102"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/manager/buckets/_new" rel="create"/> <link href="/services/cluster/manager/buckets/_acl" rel="_acl"/> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/>
cluster/manager/buckets/{bucket_id}/fix_corrupt_bucket
https://<host>:<mPort>/services/cluster/manager/buckets/{bucket_id}/fix_corrupt_bucket
Trigger a corruption fixup of a clustered non-SmartStore-enabled bucket.
For more information, see Bucket-fixing scenarios in Managing Indexers and Clusters of Indexers.
Authentication and Authorization
Requires the admin
role or edit_indexer_cluster
capability.
POST
Trigger a corruption fixup for this bucket.
Request parameters
None
Returned values
None
Example request and response
XML Request
curl -k -u admin:changeme https://localhost:8089/services/cluster/manager/buckets/_internal~0~111175BA-00DF-4CFE-9AEC-48A87B97EC71/fix_corrupt_bucket -X POST
XML Response
"links":{ "create":"/services/cluster/manager/buckets/_new" }, "origin":"https://chieftain:15511/services/cluster/manager/buckets", "updated":"2023-09-06T22:30:08-07:00", "generator":{ "build":"479782058d4faa7ef3404e947f4117df3a59654c", "version":"20230905" }, "entry":[ ], "paging":{ "total":0, "perPage":30, "offset":0 }, "messages":[ ]
cluster/manager/buckets/{bucket_id}/freeze
https://<host>:<mPort>/services/cluster/manager/buckets/{bucket_id}/freeze
Set the bucket's state to frozen. The frozen state may not persist after a cluster manager restart unless one of the peers has set the frozen state. A POST to this endpoint does not set the bucket's state to frozen on peers.
- Note: Use this endpoint with caution. It is recommended to test the endpoint in a test cluster prior to use on an actual bucket.
For more information, see How the cluster handles frozen buckets in Managing Indexers and Clusters of Indexers.
Authentication and Authorization
Requires the admin
role or indexes_edit
capability.
POST
Set this bucket's state to frozen.
Request parameters
None
Returned values
None
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/manager/buckets/_internal~0~111175BA-00DF-4CFE-9AEC-48A87B97EC71/freeze -X POST
XML Response
<title>clustermanagerbuckets</title> <id>https://locahost:8089/services/cluster/manager/buckets</id> <updated>2015-11-04T12:21:27-08:00</updated> <generator build="8effae892620f7b651853d141b7b7a6b61b929c0" version="20151102"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/manager/buckets/_new" rel="create"/> <link href="/services/cluster/manager/buckets/_acl" rel="_acl"/> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/>
cluster/manager/buckets/{bucket_id}/remove_all
https://<host>:<mPort>/services/cluster/manager/buckets/{bucket_id}/remove_all
Delete all copies of the specified bucket.
- Caution: Using this endpoint will cause irreversible data loss. It is recommended to test the endpoint on a test cluster prior to use on an actual bucket.
Authentication and Authorization
Requires the admin
role or indexes_edit
capability.
POST
Delete all copies of the specified bucket.
Request parameters
None
Returned values
None. If an invalid bucket id is used, an error message is returned.
<response> <messages> <msg type="ERROR"> In handler 'clustermanagerbuckets': bucket not found</msg> </messages> </response>
If the request is made on a hot bucket, an error message is returned.
<response> <messages> <msg type="ERROR"> In handler 'clustermanagerbuckets': cannot remove hot bucket from cluster</msg> </messages> </response>
Example request and response
XML Request
curl -k -u admin:password https://localhost:8089/services/cluster/manager/buckets/_internal~0~111175BA-00DF-4CFE-9AEC-48A87B97EC71/remove_all -X POST
XML Response
<title>clustermanagerbuckets</title> <id>https://localhost:8089/services/cluster/manager/buckets</id> <updated>2015-11-04T12:24:12-08:00</updated> <generator build="8effae892620f7b653d141b7b7a6b61b929c0" version="20151102"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/manager/buckets/_new" rel="create"/> <link href="/services/cluster/manager/buckets/_acl" rel="_acl"/> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/>
cluster/manager/buckets/{bucket_id}/remove_from_peer
https://<host>:<mPort>/services/cluster/manager/buckets/{bucket_id}/remove_from_peer
Deletes the copy of this bucket from specified peer.
If the request causes the cluster to lose its complete state, the cluster will engage in fixup activities. This may result in another copy of the same bucket appearing on this peer. If, however, the specified bucket is frozen, the cluster does not attempt any fixup activities.
- Caution: Using this endpoint will cause irreversible data loss. It is recommended to test the endpoint on a test-cluster prior to use on an actual bucket.
Authentication and Authorization
Requires the admin
role or indexes_edit
capability.
POST
Delete this bucket from specified peer. Set bucket state to frozen
Request parameters
Name | Type | Description |
---|---|---|
peer (required) | GUID | Peer GUID |
Returned values
None. If the peer
parameter is missing from the request, an error message is returned.
<response> <messages> <msg type="ERROR"> In handler 'clustermanagerbuckets': The following required arguments are missing: peer.</msg> </messages> </response>
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/manager/buckets/_internal~0~111175BA-00DF-4CFE-9AEC-48A87B97EC71/remove_from_peer -X POST -d peer=222275BA-00DF-4CFE-9AEC-48A87B97EC71
XML Response
<title>clustermanagerbuckets</title> <id>https://localhost:8089/services/cluster/manager/buckets</id> <updated>2015-11-04T12:23:18-08:00</updated> <generator build="8effae892620f7b651853d141b7b7a6b61b929c0" version="20151102"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/manager/buckets/_new" rel="create"/> <link href="/services/cluster/manager/buckets/_acl" rel="_acl"/> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/>
cluster/manager/control/control/prune_index
https://<host>:<mPort>/services/cluster/manager/control/control/prune_index
Clean up excess bucket copies across an index.
For more information, see Remove extra bucket copies in Managing Indexers and Clusters of Indexers.
POST
Clean up excess bucket copies across an index.
Request parameters
Name | Description |
---|---|
index | Optional. The index from which to remove excess bucket copies. If not specified, the POST operation clears excess bucket copies across all indexes. |
Returned values
None
Example request
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/manager/control/control/prune_index -d index="my_index"
cluster/manager/control/control/rebalance_primaries
https://<host>:<mPort>/services/cluster/manager/control/control/rebalance_primaries
Rebalance primary bucket copies across peers. For more information, see Rebalance the indexer cluster primary buckets in Managing Indexers and Clusters of Indexers.
POST
Rebalance primary buckets across all peers of this manager.
Request parameters
None
Returned values
None
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/manager/control/control/rebalance_primaries --request POST
XML Response
<title>clustermanagercontrol</title> <id>https://localhost:8089/services/cluster/manager/control</id> <updated>2013-08-21T13:08:52-07:00</updated> <generator build="176231" version="6.0"/> <author> <name>Splunk</name> </author> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/>
cluster/manager/control/control/remove_peers
https://<host>:<mPort>/services/cluster/manager/control/control/remove_peers
Remove one or more peers.
See also
cluster/manager/peers
POST
Remove one or more peers.
Request parameters
Name | Type | Description |
---|---|---|
peers Required |
String | One or more comma-separated peer GUIDs. |
Returned values
None
Application usage
If peer status is not Down or GracefulShutdown, the interface returns the following error message:
<response> <messages> <msg type="ERROR"> In handler 'clustermanagercontrol': Remove aborted, Reason: Peer=<hostname> with guid=<peerID> cannot be removed. Peer has status=Up. Only peers with status=Down (or) GracefulShutdown can be removed.</msg> </messages> </response>
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/manager/control/control/remove_peers --request POST -d "peers=F2AA19BD-622F-4F8C-A8E0-1233"
XML Response
<title>clustermanagercontrol</title> <id>https://localhost:8089/services/cluster/manager/control</id> <updated>2014-09-10T13:12:54-07:00</updated> <generator build="230688" version="6.2"/> <author> <name>Splunk</name> </author> ... opensearch nodes elided ...
cluster/manager/control/control/resync_bucket_from_peer
https://<host>:<mPort>/services/cluster/manager/control/control/resync_bucket_from_peer
This endpoint resets the state of a specified bucket based on the current state of the bucket at a peer.
POST
Reset bucket state based on the current state of the bucket at a peer.
Request Parameters
Name | Type | Default | Description | |
---|---|---|---|---|
bucket_id | String | N/A | Required. ID of bucket to update. | |
peer | GUID | N/A | Required. GUID of peer from which to update the bucket. |
Returned Values
None.
Example request and response
XML Request
curl -k -u admin:pass https://hostname:mPort:/services/cluster/manager/control/control/resync_bucket_from_peer -X POST -d bucket_id=_audit~2~8F6747E9-88C9-4488-8806-4EA3CA433CF5 -d peer=8F6747E9-88C9-4488-8806-4EA3CA433CF5
XML Response
<title>clustermanagercontrol</title> <id>https://10.66.129.225:8089/services/cluster/manager/control</id> <updated>2016-06-30T14:32:06+08:00</updated> <generator build="9904f7fc29b" version="6.4.0"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/manager/control/_acl" rel="_acl"/> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/>
cluster/manager/control/control/roll-hot-buckets
https://<host>:<mPort>/services/cluster/manager/control/control/roll-hot-buckets
This endpoint forces a specified bucket in an indexer cluster to roll from hot to warm. Pass the bucket id (bid) to the manager node. The manager instructs the origin peer for that bucket to roll its copy. In turn, the origin peer tells all the replicating peers to roll their copies
You might discover a bucket that is stuck in fixup and needs to be rolled using logs, Splunk Web, or either of the following two endpoints.
Authorization and authentication
This endpoint requires the admin role for use.
POST
Force a bucket to roll from hot to warm.
Request parameters
Name | Type | Default | Description |
---|---|---|---|
bucket_id | String | N/A | Required. ID for bucket to roll. |
Returned values
None.
Example request and response
XML Request
curl -k -u username:password https://localhost:8089/services/cluster/manager/control/control/roll-hot-buckets -X POST -d "bucket_id=_audit~2~1A3889D7-954B-4CE6-B071-01B438DE9865"
XML Response
<title>clustermanagercontrol</title> <id>https://localhost:8089/services/cluster/manager/control</id> <updated>2015-10-30T07:34:56+08:00</updated> <generator build="0d98363e4338" version="6.4.0"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/manager/control/_acl" rel="_acl"/> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/>
cluster/manager/control/control/rolling_upgrade_finalize
https://<host>:<mPort>/services/cluster/manager/control/control/rolling_upgrade_finalize
Finalizes an indexer cluster rolling upgrade.
POST
Finalizes an indexer cluster rolling upgrade.
Returned values
None
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/manager/control/control/rolling_upgrade_finalize -X POST
XML Response
<title>clustermanagercontrol</title> <id>https://10.141.65.179:52000/services/cluster/manager/control</id> <updated>2018-04-01T22:04:46+00:00</updated> <generator build="b233a6c1ade2" version="7.2.0"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/manager/control/_acl" rel="_acl"/> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages> <s:msg type="INFO">Cluster is no longer in searchable rolling upgrade mode.</s:msg> </s:messages>
cluster/manager/control/control/rolling_upgrade_init
https://<host>:<mPort>/services/cluster/manager/control/control/rolling_upgrade_init
Initializes an indexer cluster rolling upgrade.
POST
Initializes an indexer cluster rolling upgrade.
Returned values
None
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/manager/control/control/rolling_upgrade_init -X POST
XML Response
<title>clustermanagercontrol</title> <id>https://10.141.65.179:52000/services/cluster/manager/control</id> <updated>2018-04-01T21:06:21+00:00</updated> <generator build="b233a6c1ade2" version="7.2.0"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/manager/control/_acl" rel="_acl"/> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages> <s:msg type="INFO">Cluster is now in searchable rolling upgrade mode.</s:msg> </s:messages>
cluster/manager/control/default/abort_restart
https://<host>:<mPort>/services/cluster/manager/control/default/abort_restart
Aborts an ongoing restart of an indexer cluster.
Authentication and Authorization
Requires the admin
role or edit_indexer_cluster
capability.
POST
Abort an ongoing restart of an indexer cluster.
Request parameters
None
Returned values
None
Example request and response
JSON Request
curl -k -u admin:password -X POST "https://chieftain:15511/services/cluster/manager/control/default/abort_restart?output_mode=json"
JSON Response
{ "links":{ }, "origin":"https://chieftain:15511/services/cluster/manager/control", "updated":"2023-09-06T23:45:53-07:00", "generator":{ "build":"479782058d4faa7ef3404e947f4117df3a59654c", "version":"20230905" }, "entry":[ ], "paging":{ "total":0, "perPage":30, "offset":0 }, "messages":[ { "type":"INFO", "text":"Aborting the rolling restart initiated successfully. List of peers skipped restarting: E30CA8C0-23E5-4A6B-9F28-D2EC991CCD75,9E3FED8B-59A0-4B95-8116-F8F8A67A7686,32790C7F-82CB-4E39-8689-3600F72D4D01,2B6C57ED-9FFC-44F0-9E58-CD8BE3519F3F,5A65CEB6-79A6-40D7-914C-4859DEACF79B,8C2DC775-EB8E-44D7-AFF8-38482B3A9990,033085C7-F31B-467D-9577-B8A5E5131810" } ] }
cluster/manager/control/default/apply
https://<host>:<mPort>/services/cluster/manager/control/default/apply
Pushes a bundle.
POST
Push a bundle.
Request Parameters
Name | Type | Default | Description |
---|---|---|---|
skip-validation |
Boolean | False | Set as true to skip the validation step for this bundle. |
ignore_identical_bundle | Boolean | True | Set as false to push this bundle even if current active bundle is identical to this bundle. |
Returned Values
None.
Example request and response
XML Request
curl -k -u admin:pass https://host:mPort/services/cluster/manager/control/default/apply -X POST
XML Response
<title>clustermanagercontrol</title> <id>https://wimpy:7420/services/cluster/manager/control</id> <updated>2019-01-02T13:46:04-08:00</updated> <generator build="c5340c4d9387ab182815dc279bcd14979b747dc9" version="20181119"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/manager/control/_acl" rel="_acl"/> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>clusterbundles</title> <id>https://wimpy:7420/services/cluster/manager/control/clusterbundles</id> <updated>1969-12-31T16:00:00-08:00</updated> <link href="/services/cluster/manager/control/clusterbundles" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/control/clusterbundles" rel="list"/> <link href="/services/cluster/manager/control/clusterbundles" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="checksum">288845778D5B1952F534AB16DD82881E</s:key> <s:key name="eai:acl"> <s:dict> <s:key name="app"></s:key> <s:key name="can_list">1</s:key> <s:key name="can_write">1</s:key> <s:key name="modifiable">0</s:key> <s:key name="owner">system</s:key> <s:key name="perms"> <s:dict> <s:key name="read"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> <s:key name="write"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> </s:dict> </s:key> <s:key name="removable">0</s:key> <s:key name="sharing">system</s:key> </s:dict> </s:key> </s:dict> </content> </entry> </feed>
cluster/manager/control/default/cancel_bundle_push
https://<host>:<mPort>/services/cluster/manager/control/default/cancel_bundle_push
Cancels and resets the bundle push operation. Use this endpoint when the cluster manager does not receive a validation response from the cluster peer due to an error. For more information, see Configuration bundle issues.
POST
Cancel and reset the bundle push operation.
Request Parameters
None.
Returned Values
None.
Example request and response
XML Request
curl -k -u admin:pass https://host:mPort/services/cluster/manager/control/default/cancel_bundle_push -X POST
XML Response
<title>clustermanagercontrol</title> <id>https:/<hostname>:<mgt-port>/services/cluster/manager/control</id> <updated>2017-08-21T15:13:13-07:00</updated> <generator build="3d1811a2a4dda9f4751be7cc71833cc377f62da8" version="20170823"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/manager/control/_acl" rel="_acl"/> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/>
cluster/manager/control/default/maintenance
https://<host>:<mPort>/services/cluster/manager/control/default/maintenance
Put the cluster manager into maintenance mode.
POST
Toggle maintenance mode.
Request Parameters
Name | Datatype | Description |
---|---|---|
mode | Boolean | Enable or disable maintenance mode on the cluster manager. |
Returned Values
None.
Example request and response
XML Request
curl -k -u username:pass https://<host>:<mPort>/services/cluster/manager/control/default/maintenance -d mode=true
XML Response
<title>clustermanagercontrol</title> <id>https://myserver:8089/services/cluster/manager/control</id> <updated>2020-05-15T05:45:49+00:00</updated> <generator build="a6754d8441bf" version="8.0.3"/> <author> <name>Splunk</name> </author> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> </feed>
cluster/manager/control/default/rollback
https://<host>:<mPort>/services/cluster/manager/control/default/rollback
Roll a bundle back to the previously active bundle.
POST
Roll back a bundle.
Request Parameters
None.
Returned Values
None.
Example request and response
XML Request
curl -k -u admin:pass https://host:mPort/services/cluster/manager/control/default/rollback -X POST
XML Response
<title>clustermanagercontrol</title> <id>https://wimpy:7420/services/cluster/manager/control</id> <updated>2019-01-02T13:46:26-08:00</updated> <generator build="c5340c4d9387ab182815dc279bcd14979b747dc9" version="20181119"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/manager/control/_acl" rel="_acl"/> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>clusterbundles</title> <id>https://wimpy:7420/services/cluster/manager/control/clusterbundles</id> <updated>1969-12-31T16:00:00-08:00</updated> <link href="/services/cluster/manager/control/clusterbundles" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/control/clusterbundles" rel="list"/> <link href="/services/cluster/manager/control/clusterbundles" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="checksum">447F196DB0CF55389029A950E3C2D3E3</s:key> <s:key name="eai:acl"> <s:dict> <s:key name="app"></s:key> <s:key name="can_list">1</s:key> <s:key name="can_write">1</s:key> <s:key name="modifiable">0</s:key> <s:key name="owner">system</s:key> <s:key name="perms"> <s:dict> <s:key name="read"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> <s:key name="write"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> </s:dict> </s:key> <s:key name="removable">0</s:key> <s:key name="sharing">system</s:key> </s:dict> </s:key> </s:dict> </content> </entry> </feed>
cluster/manager/control/default/validate_bundle
https://<host>:<mPort>/services/cluster/manager/control/default/validate_bundle
Tests if the bundle in etc/manager-apps
passes validation. Optionally, tests if the bundle will trigger an indexer restart.
POST
Validate a bundle.
Request Parameters
Name | Type | Default | Description |
---|---|---|---|
check-restart |
Boolean | False | By default, checks if the bundle passes validation on the cluster manager and indexers. Set to true to check if the bundle will trigger a restart on the indexers. |
Returned Values
None.
Example request and response
XML Request
curl -k -u admin:pass https://host:mPort/services/cluster/manager/control/default/validate_bundle -d check-restart=true -X POST
XML Response
<title>clustermanagercontrol</title> <id>https://wimpy:7420/services/cluster/manager/control</id> <updated>2019-01-02T13:56:48-08:00</updated> <generator build="c5340c4d9387ab182815dc279bcd14979b747dc9" version="20181119"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/manager/control/_acl" rel="_acl"/> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>clusterbundles</title> <id>https://wimpy:7420/services/cluster/manager/control/clusterbundles</id> <updated>1969-12-31T16:00:00-08:00</updated> <link href="/services/cluster/manager/control/clusterbundles" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/control/clusterbundles" rel="list"/> <link href="/services/cluster/manager/control/clusterbundles" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="checksum">288845778D5B1952F534AB16DD82881E</s:key> <s:key name="eai:acl"> <s:dict> <s:key name="app"></s:key> <s:key name="can_list">1</s:key> <s:key name="can_write">1</s:key> <s:key name="modifiable">0</s:key> <s:key name="owner">system</s:key> <s:key name="perms"> <s:dict> <s:key name="read"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> <s:key name="write"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> </s:dict> </s:key> <s:key name="removable">0</s:key> <s:key name="sharing">system</s:key> </s:dict> </s:key> </s:dict> </content> </entry> </feed>
cluster/manager/fixup
https://<host>:<mPort>/services/cluster/manager/fixup
Access a list of buckets on a specific fixup priority level. Bucket fixups are processed in order of priority level. See Request parameters below for priority level details.
When you access a particular fixup level, buckets may appear in it even though they do not need fixup at this level. Initially, each bucket requiring fixup is added to all levels, even though it might only require processing in a subset of all levels. As the bucket is processed through a level, it is deleted from that level.
GET
List buckets on the specified fixup level.
Request parameters
Pagination and filtering parameters can be used with this method.
Name | Datatype | Description |
---|---|---|
level | String | Required. Fixup priority level. Use one of the following level values, listed in order of priority.
|
index | String | Optional. Index name. |
Returned values
For each bucket in the specified fixup level, the response includes the following details for the initial
time when the bucket went into the fixup level and the latest
time that the bucket was checked.
Name | Description |
---|---|
id | Bucket id. |
reason | Initial or latest reason for the bucket being on this fixup level. |
timestamp | Timestamp for initial bucket addition to fixup list or latest bucket check. |
Example request and response
XML Request
curl -k -u admin:password https://localhost:8089/services/cluster/manager/fixup?level=replication_factor
XML Response
<title>clustermanagerfixup</title> <id>https://localhost:8089/services/cluster/manager/fixup</id> <updated>2015-11-09T17:05:48-08:00</updated> <generator build="802b4ea159bb584c629dcdb8ba57c409b1d5b7ab" version="20151030"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/manager/fixup/_acl" rel="_acl"/> <opensearch:totalResults>2</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>_audit~212~22220097-5E3F-4D26-B301-ECE3C4CD2222</title> <id>https://localhost:8089/services/cluster/manager/fixup/_audit~212~22220097-5E3F-4D26-B301-ECE3C4CD2222</id> <updated>2015-11-09T17:05:48-08:00</updated> <link href="/services/cluster/manager/fixup/_audit~212~22220097-5E3F-4D26-B301-ECE3C4CD2222" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/fixup/_audit~212~22220097-5E3F-4D26-B301-ECE3C4CD2222" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="eai:acl"> <s:dict> <s:key name="app"></s:key> <s:key name="can_list">1</s:key> <s:key name="can_write">1</s:key> <s:key name="modifiable">0</s:key> <s:key name="owner">system</s:key> <s:key name="perms"> <s:dict> <s:key name="read"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> <s:key name="write"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> </s:dict> </s:key> <s:key name="removable">0</s:key> <s:key name="sharing">system</s:key> </s:dict> </s:key> <s:key name="index">_audit</s:key> <s:key name="initial"> <s:dict> <s:key name="reason">add peer=22220097-5E3F-4D26-B301-ECE3C4CD2222 new bucket</s:key> <s:key name="timestamp">1447099323</s:key> </s:dict> </s:key> <s:key name="latest"> <s:dict> <s:key name="reason">Missing enough suitable candidates to create replicated copy in order to meet replication policy. Missing={ site2:1 }</s:key> <s:key name="timestamp">1447117547</s:key> </s:dict> </s:key> <s:key name="level">replication_factor</s:key> </s:dict> </content> </entry> <entry> <title>_internal~12628~111163F8-61F4-4AB3-A1A7-2EDCB10C1111</title> <id>https://localhost:8089/services/cluster/manager/fixup/_internal~12628~111163F8-61F4-4AB3-A1A7-2EDCB10C1111</id> <updated>2015-11-09T17:05:48-08:00</updated> <link href="/services/cluster/manager/fixup/_internal~12628~111163F8-61F4-4AB3-A1A7-2EDCB10C1111" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/fixup/_internal~12628~111163F8-61F4-4AB3-A1A7-2EDCB10C1111" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="eai:acl"> <s:dict> <s:key name="app"></s:key> <s:key name="can_list">1</s:key> <s:key name="can_write">1</s:key> <s:key name="modifiable">0</s:key> <s:key name="owner">system</s:key> <s:key name="perms"> <s:dict> <s:key name="read"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> <s:key name="write"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> </s:dict> </s:key> <s:key name="removable">0</s:key> <s:key name="sharing">system</s:key> </s:dict> </s:key> <s:key name="index">_internal</s:key> <s:key name="initial"> <s:dict> <s:key name="reason">add peer=111163F8-61F4-4AB3-A1A7-2EDCB10C1111 new bucket</s:key> <s:key name="timestamp">1447099323</s:key> </s:dict> </s:key> <s:key name="latest"> <s:dict> <s:key name="reason">Missing enough suitable candidates to create replicated copy in order to meet replication policy. Missing={ site1:1 }</s:key> <s:key name="timestamp">1447117547</s:key> </s:dict> </s:key> <s:key name="level">replication_factor</s:key> </s:dict> </content> </entry>
cluster/manager/generation
https://<host>:<mPort>/services/cluster/manager/generation
Access current generation cluster manager information and create a cluster generation.
GET
List peer nodes participating in the current generation for this manager.
Request parameters
Pagination and filtering parameters can be used with this method.
Returned values
Name | Description |
---|---|
generation_id | The ID for the current generation for this manager. |
generation_peers | Lists the peers for this generation of the cluster. |
pending_generation_id | The next generation ID used by the manager when committing a new generation.
This value is useful for debugging. |
pending_last_attempt | The timestamp of the last attempt to commit to the pending generation ID (if ever). |
pending_last_reason | The reason why this peer failed to commit to the pending generation.
This parameter is EMPTY if no such attempt was made. |
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/manager/generation
XML Response
<title>clustermanagergeneration</title> <id>https://localhost:8089/services/cluster/manager/generation</id> <updated>2012-09-05T10:39:54-07:00</updated> <generator build="136169" version="5.0"/> <author> <name>Splunk</name> </author> ... opensearch nodes elided ... <s:messages/> <entry> <title>manager</title> <id>https://localhost:8089/services/cluster/manager/generation/manager</id> <updated>2012-09-05T10:39:54-07:00</updated> <link href="/services/cluster/manager/generation/manager" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/generation/manager" rel="list"/> <content type="text/xml"> <s:dict> ... eai:acl node elided ... <s:key name="generation_id">2</s:key> <s:key name="generation_peers"> <s:dict> <s:key name="2AF11DD4-1424-4A14-A522-FB9D055E9516"> <s:dict> <s:key name="host_port_pair">splunks-ombra.sv.splunk.com:8389</s:key> <s:key name="peer">splunks-ombra.sv.splunk.com</s:key> </s:dict> </s:key> <s:key name="50FCDB42-E167-458D-A6A9-E4587E8F16D9"> <s:dict> <s:key name="host_port_pair">splunks-ombra.sv.splunk.com:8189</s:key> <s:key name="peer">splunks-ombra.sv.splunk.com</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="pending_generation_id">3</s:key> <s:key name="pending_last_attempt">0</s:key> <s:key name="pending_last_reason"></s:key> </s:dict> </content> </entry>
POST
Create a cluster generation.
Request parameters
Name | Type | Default | Description |
---|---|---|---|
name required |
String | The URI of the searchhead node of a cluster upon which to create a new generation. | |
generation_poll_interval | Number | How often, in seconds, the searchhead polls the manager for generation information.
Defaults to 60 seconds. | |
label | String | Server name for the Splunk platform instance specified by the name attribute. | |
mgmt_port | String | The managment port of searchhead node in a cluster upon which you are creating a new generation. | |
register_search_address | String | The address on which a peer node is available as search head.
This is useful in the cases where a host machine has multiple interfaces and only one of them can be reached by another splunkd instance. |
Returned values
Name | Description |
---|---|
generation_id | The ID for the current generation for this manager. |
generation_peers | Lists the peers for this generation of the cluster. |
pending_generation_id | The next generation ID used by the manager when committing a new generation.
This value is useful for debugging. |
pending_last_attempt | The timestamp of the last attempt to commit to the pending generation ID (if ever). |
pending_last_reason | The reason why this peer failed to commit to the pending generation.
This parameter is EMPTY if no such attempt was made. |
replication_factor_met | Indicates if the replication factor was met for the cluster. |
search_factor_met | Indicates if the search factor was met for the cluster. |
was_forced | Indicates next generation was forcibly committed. |
Example request and response
XML Request
curl -k -u admin:pass https://myserver:8089/services/cluster/manager/generation -d name=foo
XML Response
<title>clustermanagergeneration</title> <id>https://myserver:8089/services/cluster/manager/generation</id> <updated>2013-10-31T13:58:51-07:00</updated> <generator build="184661" version="20131030"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/manager/generation/_new" rel="create"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>manager</title> <id>https://myserver:8089/services/cluster/manager/generation/manager</id> <updated>2013-10-31T13:58:51-07:00</updated> <link href="/services/cluster/manager/generation/manager" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/generation/manager" rel="list"/> <link href="/services/cluster/manager/generation/manager" rel="edit"/> <content type="text/xml"> <s:dict> ... eai:acl node elided ... <s:key name="generation_id">5</s:key> <s:key name="generation_peers"> <s:dict> <s:key name="11111111-1111-1111-1111-111111111111"> <s:dict> <s:key name="host_port_pair">myserver.splunk.com:6431</s:key> <s:key name="peer">PEER1</s:key> </s:dict> </s:key> <s:key name="22222222-2222-2222-2222-222222222222"> <s:dict> <s:key name="host_port_pair">myserver.splunk.com:6432</s:key> <s:key name="peer">PEER2</s:key> </s:dict> </s:key> <s:key name="33333333-3333-3333-3333-333333333333"> <s:dict> <s:key name="host_port_pair">myserver.splunk.com:6433</s:key> <s:key name="peer">PEER3</s:key> </s:dict> </s:key> <s:key name="44444444-4444-4444-4444-444444444444"> <s:dict> <s:key name="host_port_pair">myserver.splunk.com:6434</s:key> <s:key name="peer">PEER4</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="pending_generation_id">6</s:key> <s:key name="pending_last_attempt">0</s:key> <s:key name="pending_last_reason"></s:key> <s:key name="replication_factor_met">1</s:key> <s:key name="search_factor_met">1</s:key> <s:key name="was_forced">0</s:key> </s:dict> </content> </entry>
cluster/manager/generation/{name}
https://<host>:<mPort>/services/cluster/manager/generation/{name}
Access information about a peer node participating in the current generation for the specified search head GUID.
GET
List peer node information of the specified search head GUID.
Request parameters
None
Returned values
Name | Description |
---|---|
generation_id | The ID of the current generation for this manager. |
generation_peers | Lists the peers for this generation of the cluster. |
pending_generation_id | The next generation ID used by the manager when committing a new generation.
This value is useful for debugging. |
pending_last_attempt | The timestamp of the last attempt to commit to the pending generation ID (if ever). |
pending_last_reason | The reason why this peer failed to commit to the pending generation.
This parameter is EMPTY if no such attempt was made. |
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/manager/generation/manager
XML Response
<title>clustermanagergeneration</title> <id>https://localhost:8089/services/cluster/manager/generation</id> <updated>2012-09-05T10:45:27-07:00</updated> <generator build="136169" version="5.0"/> <author> <name>Splunk</name> </author> ... opensearch nodes elided ... <s:messages/> <entry> <title>manager</title> <id>https://localhost:8089/services/cluster/manager/generation/manager</id> <updated>2012-09-05T10:45:27-07:00</updated> <link href="/services/cluster/manager/generation/manager" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/generation/manager" rel="list"/> <content type="text/xml"> <s:dict> ... eai:acl node elided ... ... eai:attributes node elided ... <s:key name="generation_id">2</s:key> <s:key name="generation_peers"> <s:dict> <s:key name="2AF11DD4-1424-4A14-A522-FB9D055E9516"> <s:dict> <s:key name="host_port_pair">splunks-ombra.sv.splunk.com:8389</s:key> <s:key name="peer">splunks-ombra.sv.splunk.com</s:key> </s:dict> </s:key> <s:key name="50FCDB42-E167-458D-A6A9-E4587E8F16D9"> <s:dict> <s:key name="host_port_pair">splunks-ombra.sv.splunk.com:8189</s:key> <s:key name="peer">splunks-ombra.sv.splunk.com</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="pending_generation_id">3</s:key> <s:key name="pending_last_attempt">0</s:key> <s:key name="pending_last_reason"></s:key> </s:dict> </content> </entry>
POST
Create a new generation for the specified search head GUID.
Request parameters
Name | Type | Description |
---|---|---|
generation_poll_interval | Number | How often, in seconds, the searchhead polls the manager for generation information.
Defaults to 60 seconds. |
label | String | Server name for the search head specified by {name}. |
mgmt_port | String | The managment port of searchhead node in a cluster upon which you are creating a new generation. |
register_search_address | String | The address on which a peer node is available as search head.
This is useful when a host machine has multiple interfaces and only one of them can be reached by another |
Returned values
Name | Description |
---|---|
generation_id | The ID for the current generation for this manager. |
generation_peers | Lists the peers for this generation of the cluster. |
pending_generation_id | The next generation ID used by the manager when committing a new generation.
This value is useful for debugging. |
pending_last_attempt | The timestamp of the last attempt to commit to the pending generation ID (if ever). |
pending_last_reason | The reason why this peer failed to commit to the pending generation.
This parameter is EMPTY if no such attempt was made. |
replication_factor_met | Indicates if the replication factor was met for the cluster. |
search_factor_met | Indicates if the search factor was met for the cluster. |
was_forced | Indicates next generation was forcibly committed. |
Example request and response
XML Request
curl -k -u admin:pass https://myserver:8089/services/cluster/manager/generation/foo -X POST -d generation_poll_interval=62 -d label=PEER2
XML Response
<title>clustermanagergeneration</title> <id>https://myserver:8089/services/cluster/manager/generation</id> <updated>2013-10-31T14:37:20-07:00</updated> <generator build="184661" version="20131030"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/manager/generation/_new" rel="create"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>manager</title> <id>https://myserver:8089/services/cluster/manager/generation/manager</id> <updated>2013-10-31T14:37:20-07:00</updated> <link href="/services/cluster/manager/generation/manager" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/generation/manager" rel="list"/> <link href="/services/cluster/manager/generation/manager" rel="edit"/> <content type="text/xml"> <s:dict> ... eai:acl node elided ... <s:key name="generation_id">5</s:key> <s:key name="generation_peers"> <s:dict> <s:key name="11111111-1111-1111-1111-111111111111"> <s:dict> <s:key name="host_port_pair">myserver.splunk.com:6431</s:key> <s:key name="peer">PEER1</s:key> </s:dict> </s:key> <s:key name="22222222-2222-2222-2222-222222222222"> <s:dict> <s:key name="host_port_pair">myserver.splunk.com:6432</s:key> <s:key name="peer">PEER2</s:key> </s:dict> </s:key> <s:key name="33333333-3333-3333-3333-333333333333"> <s:dict> <s:key name="host_port_pair">myserver.splunk.com:6433</s:key> <s:key name="peer">PEER3</s:key> </s:dict> </s:key> <s:key name="44444444-4444-4444-4444-444444444444"> <s:dict> <s:key name="host_port_pair">myserver.splunk.com:6434</s:key> <s:key name="peer">PEER4</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="pending_generation_id">6</s:key> <s:key name="pending_last_attempt">0</s:key> <s:key name="pending_last_reason"></s:key> <s:key name="replication_factor_met">1</s:key> <s:key name="search_factor_met">1</s:key> <s:key name="was_forced">0</s:key> </s:dict> </content> </entry>
cluster/manager/ha_active_status
https://<host>:<mPort>/services/cluster/manager/ha_active_status
Used by the load balancers to check the high availability mode of a given cluster manager.
The active cluster manager will return "HTTP 200", denoting "healthy", and a startup or standby cluster manager will return "HTTP 503".
Authentication and authorization
This endpoint is unauthenticated because some load balancers don't support authentication on a health check endpoint.
GET
Checks the high availability mode of a given cluster manager.
Request parameters
None
Returned values
None
Example request and response
Request
curl -k -v -u admin:changeme https://mrt:15511/services/cluster/manager/ha_active_status
Response
From active cluster manager:
< HTTP/1.1 200 OK < Date: Tue, 10 May 2022 10:45:57 GMT < Expires: Thu, 26 Oct 1978 00:00:00 GMT < Cache-Control: no-store, no-cache, must-revalidate, max-age=0 < Content-Type: text/xml; charset=UTF-8 < X-Content-Type-Options: nosniff < Content-Length: 1740 < Connection: Keep-Alive < X-Frame-Options: SAMEORIGIN < Server: Splunkd < <?xml version="1.0" encoding="UTF-8"?> <!--This is to override browser formatting; see server.conf [httpServer] to disable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .--> <?xml-stylesheet type="text/xml" href="/static/atom.xsl"?> <feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>clusteractivemanager</title> <id>https://mrt:15511/services/cluster/manager/ha_active_status</id> <updated>2022-05-10T10:45:57+00:00</updated> <generator build="5ca3c0f7da3fe0b8be8e4a9ca6ac785dcf812149" version="20220426"/> <author> <name>Splunk</name> </author> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> </feed>
From standby cluster manager:
< HTTP/1.1 503 Service Unavailable < Date: Tue, 10 May 2022 10:47:00 GMT < Expires: Thu, 26 Oct 1978 00:00:00 GMT < Cache-Control: no-store, no-cache, must-revalidate, max-age=0 < Content-Type: text/xml; charset=UTF-8 < X-Content-Type-Options: nosniff < Content-Length: 154 < Connection: Keep-Alive < X-Frame-Options: SAMEORIGIN < Server: Splunkd < <?xml version="1.0" encoding="UTF-8"?> <response> <messages> <msg type="ERROR">Cluster manager is in inactive mode.</msg> </messages> </response>
cluster/manager/health
https://<host>:<mPort>/services/cluster/manager/health
Performs health checks to determine the cluster health and search impact, prior to a rolling upgrade of the indexer cluster.
Authentication and Authorization
Requires the admin
role or list_indexer_cluster
capability.
GET
Get indexer cluster health check results.
Request parameters
Pagination and filtering parameters can be used with this method.
Returned values
Name | Datatype | Description |
---|---|---|
all_data_is_searchable | Boolean | Indicates if all data in the cluster is searchable. |
all_peers_are_up | Boolean | Indicate if all peers are strictly in the Up status. |
cm_version_is_compatible | Boolean | Indicates if any cluster peers are running a Splunk Enterprise version greater than or equal to the cluster manager's version. |
multisite | Boolean | Indicates if multisite is enabled. |
no_fixups_in_progress | Boolean | Indicates if there does not exist buckets with bucket state NonStreamingTarget , or bucket search states PendingSearchable or SearchablePendingMask .
|
pre_flight_check | Boolean | Indicates if the health check prior to a rolling upgrade was successful. This value is true only if the cluster passed all health checks. |
replication_factor_met | Boolean | Only valid for mode=manager and multisite=false. Indicates whether the replication factor is met. If true, the cluster has at least replication_factor number of raw data copies in the cluster.
|
search_factor_met | Boolean | Only valid for mode=manager and multisite=false. Indicates whether the search factor is met. If true, the cluster has at least search_factor number of raw data copies in the cluster.
|
site_replication_factor_met | Boolean | Only valid for mode=manager and multisite=true. Indicates whether the site replication factor is met. If true, the cluster has at least replication_factor number of raw data copies in the cluster.
|
site_search_factor_met | Boolean | Only valid for mode=manager and multisite=true. Indicates whether the site search factor is met. If true, the cluster has at least site_search_factor number of raw data copies in the cluster.
|
splunk_version_peer_count | String | Lists the number of cluster peers running each Splunk Enterprise version. |
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/manager/health
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>clustermanagerhealth</title> <id>https://10.141.65.179:52000/services/cluster/manager/health</id> <updated>2018-04-01T19:53:47+00:00</updated> <generator build="b233a6c1ade2" version="7.2.0"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/manager/health/_acl" rel="_acl"/> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>manager</title> <id>https://10.141.65.179:52000/services/cluster/manager/health/manager</id> <updated>1970-01-01T00:00:00+00:00</updated> <link href="/services/cluster/manager/health/manager" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/health/manager" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="all_data_is_searchable">1</s:key> <s:key name="all_peers_are_up">1</s:key> <s:key name="cm_version_is_compatible">1</s:key> <s:key name="eai:acl"> <s:dict> <s:key name="app"></s:key> <s:key name="can_list">1</s:key> <s:key name="can_write">1</s:key> <s:key name="modifiable">0</s:key> <s:key name="owner">system</s:key> <s:key name="perms"> <s:dict> <s:key name="read"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> <s:key name="write"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> </s:dict> </s:key> <s:key name="removable">0</s:key> <s:key name="sharing">system</s:key> </s:dict> </s:key> <s:key name="multisite">0</s:key> <s:key name="no_fixup_tasks_in_progress">1</s:key> <s:key name="pre_flight_check">1</s:key> <s:key name="replication_factor_met">1</s:key> <s:key name="search_factor_met">1</s:key> <s:key name="site_replication_factor_met">1</s:key> <s:key name="site_search_factor_met">1</s:key> <s:key name="splunk_version_peer_count">{ 7.1.0: 3 }</s:key> </s:dict> </content> </entry> </feed>
cluster/manager/indexes
https://<host>:<mPort>/services/cluster/manager/indexes
Access cluster index information.
GET
List cluster indices.
Request parameters
None
Returned values
Attribute | Description |
---|---|
buckets_with_excess_copies | Number of distinct buckets that have one or more excess replication copies. |
buckets_with_excess_searchable_copies | Number of distinct buckets that have one or more excess searchable copies. |
index_size | Size of the index |
is_searchable | When every bucket in the index has a primary, the index is considered "searchable". |
non_site_aware_buckets_in_site_aware_cluster | Number of buckets created when the cluster was not in a multisite config. (Included only when the cluster is in multisite config.) |
num_buckets | Total number of distinct buckets. |
replicated_copies_tracker | Displays how many distinct buckets have X number of copies. One of the following options.
|
searchable_copies_tracker | Displays how many distinct buckets have X number of searchable copies. One of the following options.
|
sort_order | Used by UI. |
total_excess_bucket_copies | Total number of excess copies for all buckets. |
total_excess_searchable_copies | Total number of excess searchable copies for all buckets. |
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/manager/indexes
XML Response
<title>clustermanagerpeerindexes</title> <id>https://localhost:8089/services/cluster/manager/indexes</id> <updated>2014-04-17T19:11:14+00:00</updated> <generator build="204899" version="6.1"/> <author> <name>Splunk</name> </author> <opensearch:totalResults>2</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>_audit</title> <id>https://localhost:8089/services/cluster/manager/indexes/_audit</id> <updated>2014-04-17T19:11:14+00:00</updated> <link href="/services/cluster/manager/indexes/_audit" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/indexes/_audit" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="buckets_with_excess_copies">0</s:key> <s:key name="buckets_with_excess_searchable_copies">0</s:key> <s:key name="eai:acl"> ... elided ... </s:key> <s:key name="index_size">284975</s:key> <s:key name="is_searchable">1</s:key> <s:key name="non_site_aware_buckets_in_site_aware_cluster">6</s:key> <s:key name="num_buckets">12</s:key> <s:key name="replicated_copies_tracker"> <s:dict> <s:key name="0"> <s:dict> <s:key name="actual_copies_per_slot">12</s:key> <s:key name="expected_total_per_slot">12</s:key> </s:dict> </s:key> <s:key name="1"> <s:dict> <s:key name="actual_copies_per_slot">12</s:key> <s:key name="expected_total_per_slot">12</s:key> </s:dict> </s:key> <s:key name="2"> <s:dict> <s:key name="actual_copies_per_slot">12</s:key> <s:key name="expected_total_per_slot">12</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="searchable_copies_tracker"> <s:dict> <s:key name="0"> <s:dict> <s:key name="actual_copies_per_slot">12</s:key> <s:key name="expected_total_per_slot">12</s:key> </s:dict> </s:key> <s:key name="1"> <s:dict> <s:key name="actual_copies_per_slot">12</s:key> <s:key name="expected_total_per_slot">12</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="sort_order">4294967295</s:key> <s:key name="total_excess_bucket_copies">0</s:key> <s:key name="total_excess_searchable_copies">0</s:key> </s:dict> </content> </entry> <entry> <title>_internal</title> <id>https://localhost:8089/services/cluster/manager/indexes/_internal</id> <updated>2014-04-17T19:11:14+00:00</updated> <link href="/services/cluster/manager/indexes/_internal" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/indexes/_internal" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="buckets_with_excess_copies">0</s:key> <s:key name="buckets_with_excess_searchable_copies">0</s:key> <s:key name="eai:acl"> ... elided ... </s:key> <s:key name="index_size">1190869</s:key> <s:key name="is_searchable">1</s:key> <s:key name="non_site_aware_buckets_in_site_aware_cluster">6</s:key> <s:key name="num_buckets">12</s:key> <s:key name="replicated_copies_tracker"> <s:dict> <s:key name="0"> <s:dict> <s:key name="actual_copies_per_slot">12</s:key> <s:key name="expected_total_per_slot">12</s:key> </s:dict> </s:key> <s:key name="1"> <s:dict> <s:key name="actual_copies_per_slot">12</s:key> <s:key name="expected_total_per_slot">12</s:key> </s:dict> </s:key> <s:key name="2"> <s:dict> <s:key name="actual_copies_per_slot">12</s:key> <s:key name="expected_total_per_slot">12</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="searchable_copies_tracker"> <s:dict> <s:key name="0"> <s:dict> <s:key name="actual_copies_per_slot">12</s:key> <s:key name="expected_total_per_slot">12</s:key> </s:dict> </s:key> <s:key name="1"> <s:dict> <s:key name="actual_copies_per_slot">12</s:key> <s:key name="expected_total_per_slot">12</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="sort_order">4294967295</s:key> <s:key name="total_excess_bucket_copies">0</s:key> <s:key name="total_excess_searchable_copies">0</s:key> </s:dict> </content> </entry>
cluster/manager/indexes/{name}
https://<host>:<mPort>/services/cluster/manager/indexes/{name}
Access specific cluster index information.
GET
List {name} index information.
Request parameters
None
Returned values
Attribute | Description |
---|---|
buckets_with_excess_copies | Number of distinct buckets that have one or more excess replication copies. |
buckets_with_excess_searchable_copies | Number of distinct buckets that have one or more excess searchable copies. |
index_size | Size of the index |
is_searchable | When every bucket in the index has a primary, the index is considered "searchable". |
non_site_aware_buckets_in_site_aware_cluster | Number of buckets created when the cluster was not in a multisite config. (Included only when the cluster is in multisite config.) |
num_buckets | Total number of distinct buckets. Displays how many distinct buckets have X number of copies. One of the following options.
|
searchable_copies_tracker | Displays how many distinct buckets have X number of searchable copies. One of the following options.
|
sort_order | Used by UI. |
total_excess_bucket_copies | Total number of excess copies for all buckets. |
total_excess_searchable_copies | Total number of excess searchable copies for all buckets. |
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/manager/indexes/_audit
XML Response
<title>clustermanagerpeerindexes</title> <id>https://localhost:8089/services/cluster/manager/indexes</id> <updated>2014-04-17T19:11:14+00:00</updated> <generator build="204899" version="6.1"/> <author> <name>Splunk</name> </author> <opensearch:totalResults>2</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>_audit</title> <id>https://localhost:8089/services/cluster/manager/indexes/_audit</id> <updated>2014-04-17T19:11:14+00:00</updated> <link href="/services/cluster/manager/indexes/_audit" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/indexes/_audit" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="buckets_with_excess_copies">0</s:key> <s:key name="buckets_with_excess_searchable_copies">0</s:key> <s:key name="eai:acl"> ... elided ... </s:key> <s:key name="index_size">284975</s:key> <s:key name="is_searchable">1</s:key> <s:key name="non_site_aware_buckets_in_site_aware_cluster">6</s:key> <s:key name="num_buckets">12</s:key> <s:key name="replicated_copies_tracker"> <s:dict> <s:key name="0"> <s:dict> <s:key name="actual_copies_per_slot">12</s:key> <s:key name="expected_total_per_slot">12</s:key> </s:dict> </s:key> <s:key name="1"> <s:dict> <s:key name="actual_copies_per_slot">12</s:key> <s:key name="expected_total_per_slot">12</s:key> </s:dict> </s:key> <s:key name="2"> <s:dict> <s:key name="actual_copies_per_slot">12</s:key> <s:key name="expected_total_per_slot">12</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="searchable_copies_tracker"> <s:dict> <s:key name="0"> <s:dict> <s:key name="actual_copies_per_slot">12</s:key> <s:key name="expected_total_per_slot">12</s:key> </s:dict> </s:key> <s:key name="1"> <s:dict> <s:key name="actual_copies_per_slot">12</s:key> <s:key name="expected_total_per_slot">12</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="sort_order">4294967295</s:key> <s:key name="total_excess_bucket_copies">0</s:key> <s:key name="total_excess_searchable_copies">0</s:key> </s:dict> </content> </entry>
cluster/manager/info
https://<host>:<mPort>/services/cluster/manager/info
Access information about cluster manager node.
GET
List cluster manager node details.
Request parameters
Pagination and filtering parameters can be used with this method.
Returned values
Name | Description |
---|---|
active_bundle | Provides information about the active bundle for this manager. |
bundle_creation_time_on_manager | The time, in epoch seconds, when the bundle was created on the manager. |
bundle_validation_errors_on_manager | A list of bundle validation errors. |
bundle_validation_in_progress | Indicates if bundle validation is in progress. |
bundle_validation_on_manager_succeeded | Indicates whether the manager succeeded validating bundles. |
data_safety_buckets_to_fix | Lists the buckets to fix for the completion of data safety. |
gen_commit_buckets_to_fix | The buckets to be fixed before the next generation can be committed. |
indexing_ready_flag | Indicates if the cluster is ready for indexing. |
initialized_flag | Indicates if the cluster is initialized. |
label | The name for the manager. Displayed in the Splunk Web manager page. |
latest_bundle | The most recent information reflecting any changes made to the manager-apps configuration bundle.
In steady state, this is equal to active_bundle. If it is not equal, then pushing the latest bundle to all peers is in process (or needs to be started). |
maintenance_mode | Indicates if the cluster is in maintenance mode. |
reload_bundle_issued | Indicates if the bundle issued is being reloaded. |
rep_count_buckets_to_fix | Number of buckets to fix on peers. |
rolling_restart_flag | Indicates whether the manager is restarting the peers in a cluster. |
search_count_buckets_to_fix | Number of buckets to fix to satisfy the search count. |
service_ready_flag | Indicates whether the manager is ready to begin servicing, based on whether it is initialized. |
start_time | Timestamp corresponding to the creation of the manager. |
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/manager/info
XML Response
<title>clustermanagerinfo</title> <id>http://greentea.sv.splunk.com:8089/services/cluster/manager/info</id> <updated>2013-07-23T10:36:35-07:00</updated> <generator build="172635" version="6.0"/> <author> <name>Splunk</name> </author> ... opensearch nodes elided ... <s:messages/> <entry> <title>manager</title> <id>http://greentea.sv.splunk.com:8089/services/cluster/manager/info/manager</id> <updated>2013-07-23T10:36:35-07:00</updated> <link href="/services/cluster/manager/info/manager" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/info/manager" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="active_bundle"> <s:dict> <s:key name="bundle_path">/home/eserv/schoi/apple_manager/splunk/var/run/splunk/cluster/remote-bundle/66e383cafa8ff1f033e2341e35fc2e09-1374594357.bundle</s:key> <s:key name="checksum">a98f211c7bc6b141bd4fe5775c7cd193</s:key> <s:key name="timestamp">1374594357</s:key> </s:dict> </s:key> <s:key name="bundle_creation_time_on_manager">1374594357</s:key> <s:key name="bundle_validation_errors_on_manager"> <s:list/> </s:key> <s:key name="bundle_validation_in_progress">0</s:key> <s:key name="bundle_validation_on_manager_succeeded">1</s:key> <s:key name="data_safety_buckets_to_fix"> <s:dict> <s:key name="_internal~1~05BB0AAC-61A5-491B-9153-3B02E6DA6130"> <s:dict> <s:key name="initial"> <s:dict> <s:key name="reason">resolved initial state</s:key> <s:key name="timestamp">1374594631</s:key> </s:dict> </s:key> <s:key name="latest"> <s:dict> <s:key name="reason"></s:key> <s:key name="timestamp">1374600995</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="_internal~1~76AFDA4D-DAA7-48A8-A738-DD669A0853CD"> <s:dict> <s:key name="initial"> <s:dict> <s:key name="reason">resolved initial state</s:key> <s:key name="timestamp">1374594631</s:key> </s:dict> </s:key> <s:key name="latest"> <s:dict> <s:key name="reason"></s:key> <s:key name="timestamp">1374600995</s:key> </s:dict> </s:key> </s:dict> </s:key> . . . elided . . . <s:key name="i5~659~8CEAE4B4-BAB0-415E-9DA6-0438ECD8B3EF"> <s:dict> <s:key name="initial"> <s:dict> <s:key name="reason">streaming success</s:key> <s:key name="timestamp">1374600995</s:key> </s:dict> </s:key> <s:key name="latest"> <s:dict> <s:key name="reason">streaming success</s:key> <s:key name="timestamp">1374600995</s:key> </s:dict> </s:key> </s:dict> </s:key> </s:dict> </s:key> ... eai:acl node elided ... <s:key name="gen_commit_buckets_to_fix"> <s:dict> <s:key name="_internal~1~05BB0AAC-61A5-491B-9153-3B02E6DA6130"> <s:dict> <s:key name="initial"> <s:dict> <s:key name="reason">resolved initial state</s:key> <s:key name="timestamp">1374594631</s:key> </s:dict> </s:key> <s:key name="latest"> <s:dict> <s:key name="reason"></s:key> <s:key name="timestamp">1374600995</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="_internal~1~76AFDA4D-DAA7-48A8-A738-DD669A0853CD"> <s:dict> <s:key name="initial"> <s:dict> <s:key name="reason">resolved initial state</s:key> <s:key name="timestamp">1374594631</s:key> </s:dict> </s:key> <s:key name="latest"> <s:dict> <s:key name="reason"></s:key> <s:key name="timestamp">1374600995</s:key> </s:dict> </s:key> </s:dict> </s:key> . . . elided . . . <s:key name="i5~659~8CEAE4B4-BAB0-415E-9DA6-0438ECD8B3EF"> <s:dict> <s:key name="initial"> <s:dict> <s:key name="reason">streaming success</s:key> <s:key name="timestamp">1374600995</s:key> </s:dict> </s:key> <s:key name="latest"> <s:dict> <s:key name="reason">streaming success</s:key> <s:key name="timestamp">1374600995</s:key> </s:dict> </s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="indexing_ready_flag">1</s:key> <s:key name="initialized_flag">1</s:key> <s:key name="label">manager_nc</s:key> <s:key name="latest_bundle"> <s:dict> <s:key name="bundle_path">/home/eserv/schoi/apple_manager/splunk/var/run/splunk/cluster/remote-bundle/66e383cafa8ff1f033e2341e35fc2e09-1374594357.bundle</s:key> <s:key name="checksum">a98f211c7bc6b141bd4fe5775c7cd193</s:key> <s:key name="timestamp">1374594357</s:key> </s:dict> </s:key> <s:key name="maintenance_mode">0</s:key> <s:key name="reload_bundle_issued">0</s:key> <s:key name="rep_count_buckets_to_fix"> <s:dict> <s:key name="_internal~1~05BB0AAC-61A5-491B-9153-3B02E6DA6130"> <s:dict> <s:key name="initial"> <s:dict> <s:key name="reason">resolved initial state</s:key> <s:key name="timestamp">1374594631</s:key> </s:dict> </s:key> <s:key name="latest"> <s:dict> <s:key name="reason"></s:key> <s:key name="timestamp">1374600995</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="_internal~1~76AFDA4D-DAA7-48A8-A738-DD669A0853CD"> <s:dict> <s:key name="initial"> <s:dict> <s:key name="reason">resolved initial state</s:key> <s:key name="timestamp">1374594631</s:key> </s:dict> </s:key> <s:key name="latest"> <s:dict> <s:key name="reason"></s:key> <s:key name="timestamp">1374600995</s:key> </s:dict> </s:key> </s:dict> </s:key> . . . elided . . . <s:key name="i5~659~8CEAE4B4-BAB0-415E-9DA6-0438ECD8B3EF"> <s:dict> <s:key name="initial"> <s:dict> <s:key name="reason">streaming success</s:key> <s:key name="timestamp">1374600995</s:key> </s:dict> </s:key> <s:key name="latest"> <s:dict> <s:key name="reason">streaming success</s:key> <s:key name="timestamp">1374600995</s:key> </s:dict> </s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="rolling_restart_flag">0</s:key> <s:key name="search_count_buckets_to_fix"> <s:dict> <s:key name="_internal~1~05BB0AAC-61A5-491B-9153-3B02E6DA6130"> <s:dict> <s:key name="initial"> <s:dict> <s:key name="reason">resolved initial state</s:key> <s:key name="timestamp">1374594631</s:key> </s:dict> </s:key> <s:key name="latest"> <s:dict> <s:key name="reason"></s:key> <s:key name="timestamp">1374600995</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="_internal~1~76AFDA4D-DAA7-48A8-A738-DD669A0853CD"> <s:dict> <s:key name="initial"> <s:dict> <s:key name="reason">resolved initial state</s:key> <s:key name="timestamp">1374594631</s:key> </s:dict> </s:key> <s:key name="latest"> <s:dict> <s:key name="reason"></s:key> <s:key name="timestamp">1374600995</s:key> </s:dict> </s:key> </s:dict> </s:key> . . . elided . . . <s:key name="i5~659~8CEAE4B4-BAB0-415E-9DA6-0438ECD8B3EF"> <s:dict> <s:key name="initial"> <s:dict> <s:key name="reason">streaming success</s:key> <s:key name="timestamp">1374600995</s:key> </s:dict> </s:key> <s:key name="latest"> <s:dict> <s:key name="reason">streaming success</s:key> <s:key name="timestamp">1374600995</s:key> </s:dict> </s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="service_ready_flag">1</s:key> <s:key name="start_time">1374594571</s:key> </s:dict> </content> </entry>
cluster/manager/peers
https://<host>:<mPort>/services/cluster/manager/peers
Access cluster manager peers.
See also
cluster/manager/control/control/remove_peers
GET
List cluster manager peers.
Request parameters
Pagination and filtering parameters can be used with this method.
Returned values
Name | Description |
---|---|
active_bundle_id | The ID of the configuration bundle currently being used by the manager. |
apply_bundle_status | Bundle status enumeration. |
base_generation_id | The initial bundle generation ID recognized by this peer. Any searches from previous generations fail.
The initial bundle generation ID is created when a peer first comes online, restarts, or recontacts the manager. |
bucket_count | Count of the number of buckets on this peer, across all indexes. |
bucket_count_by_index | Count of the number of buckets by index on this peer. |
delayed_buckets_to_discard | List of bucket IDs waiting to be discarded on this peer. |
fixup_set | The set of buckets that need repair once you take the peer offline. |
heartbeat_started | Flag indicating if this peer has started heartbeating. |
host_port_pair | The host and port advertised to peers for the data replication channel.
Can be either of the form IP:port or hostname:port. |
is_searchable | Flag indicating if this peer belongs to the current committed generation and is searchable. |
label | The name for the peer. Displayed on the manager page. |
last_heartbeat | Timestamp for last heartbeat recieved from the peer. |
latest_bundle_id | The ID of the configuration bundle this peer is using. |
pending_job_count | Used by the manager to keep track of pending jobs requested by the manager to this peer. |
primary_count | Number of buckets for which the peer is primary in its local site, or the number of buckets that return search results from same site as the peer. |
primary_count_remote | Number of buckets for which the peer is primary that are not in its local site. |
replication_count | Number of replications this peer is part of, as either source or target. |
replication_port | TCP port to listen for replicated data from another cluster member. |
replication_use_ssl | Indicates whether to use SSL when sending replication data. |
search_state_counter | Lists the number of buckets on the peer for each search state for the bucket.
|
site | To which site the peer belongs. |
status | Indicates the status of the peer.
|
status_counter | Lists the number of buckets on the peer for each bucket status.
Possible values for bucket status:
|
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/manager/peers
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>clustermanagerpeers</title> <id>https://localhost:8089/services/cluster/manager/peers</id> <updated>2014-04-17T19:17:08+00:00</updated> <generator build="204899" version="6.1"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/manager/peers/_new" rel="create"/> <opensearch:totalResults>6</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>238C3311-F0A4-4A9B-97F0-53667CFFEEAB</title> <id>https://localhost:8089/services/cluster/manager/peers/238C3311-F0A4-4A9B-97F0-53667CFFEEAB</id> <updated>2014-04-17T19:17:08+00:00</updated> <link href="/services/cluster/manager/peers/238C3311-F0A4-4A9B-97F0-53667CFFEEAB" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/peers/238C3311-F0A4-4A9B-97F0-53667CFFEEAB" rel="list"/> <link href="/services/cluster/manager/peers/238C3311-F0A4-4A9B-97F0-53667CFFEEAB" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="active_bundle_id">4708B74780A1E5101449548B1E103616</s:key> <s:key name="apply_bundle_status"> <s:dict> <s:key name="invalid_bundle"> <s:dict> <s:key name="bundle_validation_errors"> <s:list/> </s:key> <s:key name="invalid_bundle_id"></s:key> </s:dict> </s:key> <s:key name="reload_error"></s:key> <s:key name="restart_required_for_apply_bundle">0</s:key> </s:dict> </s:key> <s:key name="base_generation_id">6</s:key> <s:key name="bucket_count">10</s:key> <s:key name="bucket_count_by_index"> <s:dict> <s:key name="_audit">5</s:key> <s:key name="_internal">5</s:key> </s:dict> </s:key> <s:key name="delayed_buckets_to_discard"> <s:list/> </s:key> <s:key name="eai:acl"> ... elided ... </s:key> <s:key name="fixup_set"> <s:list/> </s:key> <s:key name="heartbeat_started">1</s:key> <s:key name="host_port_pair">127.0.1.1:8096</s:key> <s:key name="is_searchable">1</s:key> <s:key name="label">s2p3</s:key> <s:key name="last_heartbeat">1397762228</s:key> <s:key name="latest_bundle_id">4708B74780A1E5101449548B1E103616</s:key> <s:key name="pending_job_count">0</s:key> <s:key name="primary_count">5</s:key> <s:key name="primary_count_remote">2</s:key> <s:key name="replication_count">0</s:key> <s:key name="replication_port">9905</s:key> <s:key name="replication_use_ssl">0</s:key> <s:key name="search_state_counter"> <s:dict> <s:key name="Searchable">5</s:key> <s:key name="SearchablePendingMask">0</s:key> <s:key name="Unsearchable">5</s:key> </s:dict> </s:key> <s:key name="site">site2</s:key> <s:key name="status">Up</s:key> <s:key name="status_counter"> <s:dict> <s:key name="Complete">6</s:key> <s:key name="NonStreamingTarget">0</s:key> <s:key name="StreamingSource">2</s:key> <s:key name="StreamingTarget">2</s:key> </s:dict> </s:key> </s:dict> </content> </entry> . . . elided . . . <entry> <title>E4B2C5E4-0961-4F3A-A5F7-C3A4BB6B518C</title> <id>https://localhost:8089/services/cluster/manager/peers/E4B2C5E4-0961-4F3A-A5F7-C3A4BB6B518C</id> <updated>2014-04-17T19:17:08+00:00</updated> <link href="/services/cluster/manager/peers/E4B2C5E4-0961-4F3A-A5F7-C3A4BB6B518C" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/peers/E4B2C5E4-0961-4F3A-A5F7-C3A4BB6B518C" rel="list"/> <link href="/services/cluster/manager/peers/E4B2C5E4-0961-4F3A-A5F7-C3A4BB6B518C" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="active_bundle_id">4708B74780A1E5101449548B1E103616</s:key> <s:key name="apply_bundle_status"> <s:dict> <s:key name="invalid_bundle"> <s:dict> <s:key name="bundle_validation_errors"> <s:list/> </s:key> <s:key name="invalid_bundle_id"></s:key> </s:dict> </s:key> <s:key name="reload_error"></s:key> <s:key name="restart_required_for_apply_bundle">0</s:key> </s:dict> </s:key> <s:key name="base_generation_id">4</s:key> <s:key name="bucket_count">13</s:key> <s:key name="bucket_count_by_index"> <s:dict> <s:key name="_audit">6</s:key> <s:key name="_internal">7</s:key> </s:dict> </s:key> <s:key name="delayed_buckets_to_discard"> <s:list/> </s:key> <s:key name="eai:acl"> ... elided ... </s:key> <s:key name="fixup_set"> <s:list/> </s:key> <s:key name="heartbeat_started">1</s:key> <s:key name="host_port_pair">127.0.1.1:8094</s:key> <s:key name="is_searchable">1</s:key> <s:key name="label">s2p1</s:key> <s:key name="last_heartbeat">1397762227</s:key> <s:key name="latest_bundle_id">4708B74780A1E5101449548B1E103616</s:key> <s:key name="pending_job_count">0</s:key> <s:key name="primary_count">7</s:key> <s:key name="primary_count_remote">2</s:key> <s:key name="replication_count">0</s:key> <s:key name="replication_port">9903</s:key> <s:key name="replication_use_ssl">0</s:key> <s:key name="search_state_counter"> <s:dict> <s:key name="PendingSearchable">0</s:key> <s:key name="Searchable">10</s:key> <s:key name="SearchablePendingMask">0</s:key> <s:key name="Unsearchable">3</s:key> </s:dict> </s:key> <s:key name="site">site2</s:key> <s:key name="status">Up</s:key> <s:key name="status_counter"> <s:dict> <s:key name="Complete">6</s:key> <s:key name="NonStreamingTarget">0</s:key> <s:key name="StreamingSource">2</s:key> <s:key name="StreamingTarget">5</s:key> </s:dict> </s:key> </s:dict> </content> </entry> </feed>
cluster/manager/peers/{name}
https://<host>:<mPort>/services/cluster/manager/peers/{name}
Access specified peer.
GET
Get {name} peer information.
Request parameters
Name | Type | Description |
---|---|---|
list_buckets | Boolean | Indicates whether to list the buckets for the peers to this manager. |
Returned values
Name | Description |
---|---|
active_bundle_id | The ID of the configuration bundle currently being used by the manager. |
apply_bundle_status | Bundle status enumeration. |
base_generation_id | The initial bundle generation ID recognized by this peer. Any searches from previous generations fail.
The initial bundle generation ID is created when a peer first comes online, restarts, or recontacts the manager. |
bucket_count | Count of the number of buckets on this peer, across all indexes. |
bucket_count_by_index | Count of the number of buckets by index on this peer. |
delayed_buckets_to_discard | List of bucket IDs waiting to be discarded on this peer. |
fixup_set | The set of buckets that need repair once you take the peer offline. |
heartbeat_started | Flag indicating if this peer has started heartbeating. |
host_port_pair | The host and port advertised to peers for the data replication channel.
Can be either of the form IP:port or hostname:port. |
is_searchable | Flag indicating if this peer belongs to the current committed generation and is searchable. |
label | The name for the peer. Displayed on the Splunk Web manager page. |
last_heartbeat | Timestamp for last heartbeat recieved from the peer. |
latest_bundle_id | The ID of the configuration bundle this peer is using. |
pending_job_count | Used by the manager to keep track of pending jobs requested by the manager to this peer. |
primary_count | Number of buckets for which the peer is primary in its local site, or the number of buckets that return search results from same site as the peer. |
primary_count_remote | Number of buckets for which the peer is primary that are not in its local site. |
replication_count | Number of replications this peer is part of, as either source or target. |
replication_port | TCP port to listen for replicated data from another cluster member. |
replication_use_ssl | Indicates whether to use SSL when sending replication data. |
search_state_counter | Lists the number of buckets on the peer for each search state for the bucket.
Possible values for search state include:
|
site | To which site the peer belongs. |
splunk_version | The version of Splunk that the peer is running. This will be of the form X.Y.Z where X is the major version, Y is the minor version, and Z is the maintenance version. |
status | Indicates the status of the peer.
Valid values are:
|
status_counter | Lists the number of buckets on the peer for each bucket status.
Possible values for bucket status:
|
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/manager/peers/29F9560E-A44A-425C-8753-1C6158B46C84
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>clustermanagerpeers</title> <id>https://localhost:8089/services/cluster/manager/peers</id> <updated>2014-04-17T19:18:19+00:00</updated> <generator build="204899" version="6.1"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/manager/peers/_new" rel="create"/> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>29F9560E-A44A-425C-8753-1C6158B46C84</title> <id>https://localhost:8089/services/cluster/manager/peers/29F9560E-A44A-425C-8753-1C6158B46C84</id> <updated>2014-04-17T19:18:19+00:00</updated> <link href="/services/cluster/manager/peers/29F9560E-A44A-425C-8753-1C6158B46C84" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/peers/29F9560E-A44A-425C-8753-1C6158B46C84" rel="list"/> <link href="/services/cluster/manager/peers/29F9560E-A44A-425C-8753-1C6158B46C84" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="active_bundle_id">4708B74780A1E5101449548B1E103616</s:key> <s:key name="apply_bundle_status"> <s:dict> <s:key name="invalid_bundle"> <s:dict> <s:key name="bundle_validation_errors"> <s:list/> </s:key> <s:key name="invalid_bundle_id"></s:key> </s:dict> </s:key> <s:key name="reload_error"></s:key> <s:key name="restart_required_for_apply_bundle">0</s:key> </s:dict> </s:key> <s:key name="base_generation_id">3</s:key> <s:key name="bucket_count">11</s:key> <s:key name="bucket_count_by_index"> <s:dict> <s:key name="_audit">6</s:key> <s:key name="_internal">5</s:key> </s:dict> </s:key> <s:key name="delayed_buckets_to_discard"> <s:list/> </s:key> <s:key name="eai:acl"> ... elided ... </s:key> <s:key name="eai:attributes"> ... elided ... </s:key> <s:key name="fixup_set"> <s:list/> </s:key> <s:key name="heartbeat_started">1</s:key> <s:key name="host_port_pair">127.0.1.1:8092</s:key> <s:key name="is_searchable">1</s:key> <s:key name="label">s1p3</s:key> <s:key name="last_heartbeat">1397762298</s:key> <s:key name="latest_bundle_id">4708B74780A1E5101449548B1E103616</s:key> <s:key name="pending_job_count">0</s:key> <s:key name="primary_count">6</s:key> <s:key name="primary_count_remote">2</s:key> <s:key name="replication_count">0</s:key> <s:key name="replication_port">9902</s:key> <s:key name="replication_use_ssl">0</s:key> <s:key name="search_state_counter"> <s:dict> <s:key name="PendingSearchable">0</s:key> <s:key name="Searchable">8</s:key> <s:key name="SearchablePendingMask">0</s:key> <s:key name="Unsearchable">3</s:key> </s:dict> </s:key> <s:key name="site">site1</s:key> <s:key name="splunk_version">7.2.0</s:key> <s:key name="status">Up</s:key> <s:key name="status_counter"> <s:dict> <s:key name="Complete">6</s:key> <s:key name="NonStreamingTarget">0</s:key> <s:key name="StreamingSource">2</s:key> <s:key name="StreamingTarget">3</s:key> </s:dict> </s:key> </s:dict> </content> </entry> </feed>
cluster/manager/redundancy
https://<host>:<mPort>/services/cluster/manager/redundancy
Display the details of all cluster managers participating in cluster manager redundancy, and switch the HA state of the cluster managers.
Authentication and authorization
The GET on this endpoint needs the capability list_indexer_cluster
, and the POST on this endpoint needs the capability edit_indexer_cluster
.
GET
Display the details of all cluster managers participating in cluster manager redundancy.
Request parameters
None
Returned values
Name | Description |
---|---|
active_bundle_id | The active bundle ID of the cluster, as set in the given cluster manager. |
generation_id | The last committed generation ID of the cluster, as known to the given cluster manager. |
ha_mode | The high availability mode of the given cluster manager. |
last_heartbeat | The timestamp of the last heartbeat received from the given cluster manager. This is only applicable for the standby cluster managers. For the active cluster manager, this is set to 0. For standby cluster managers, this field reflects the valid timestamp, denoting the last time the active manager received a heartbeat from this standby cluster manager. |
manager_switchover_mode | The switchover mode set in the given cluster manager. |
peers_count | The number of indexer peers known to to the given cluster manager. |
server_name | The configured server name of the given cluster manager. |
uri | The management URI of the given cluster manager. |
Example request and response
Request
curl -k -u admin:changeme -XGET "https://mrt:15511/services/cluster/manager/redundancy/?output_mode=json"
Response
{ "links":{ "create":"/services/cluster/manager/redundancy/_new" }, "origin":"https://mrt:15511/services/cluster/manager/redundancy", "updated":"2022-01-25T08:29:41+00:00", "generator":{ "build":"e578ec650c0bf4d48e84541eae3d501f6dfc688a", "version":"20211229" }, "entry":[ { "name":"7EE219C0-23A6-4E95-A599-64E0FE5E8B05", "id":"https://mrt:15511/services/cluster/manager/redundancy/7EE219C0-23A6-4E95-A599-64E0FE5E8B05", "updated":"1970-01-01T00:00:00+00:00", "links":{ "alternate":"/services/cluster/manager/redundancy/7EE219C0-23A6-4E95-A599-64E0FE5E8B05", "list":"/services/cluster/manager/redundancy/7EE219C0-23A6-4E95-A599-64E0FE5E8B05", "edit":"/services/cluster/manager/redundancy/7EE219C0-23A6-4E95-A599-64E0FE5E8B05" }, "author":"system", "acl":{ "app":"", "can_list":true, "can_write":true, "modifiable":false, "owner":"system", "perms":{ "read":[ "admin", "splunk-system-role" ], "write":[ "admin", "splunk-system-role" ] }, "removable":false, "sharing":"system" }, "content":{ "active_bundle_id":"075EA8FB2D1172A1A7AD9DA472C63E92", "eai:acl":null, "generation_id":"21", "ha_mode":"Active", "last_heartbeat":0, "manager_switchover_mode":"auto", "peers_count":"5", "server_name":"cm", "uri":"https://mrt:15511" } }, { "name":"841BD315-21DB-4589-8813-15199DF02F1F", "id":"https://mrt:15511/services/cluster/manager/redundancy/841BD315-21DB-4589-8813-15199DF02F1F", "updated":"1970-01-01T00:00:00+00:00", "links":{ "alternate":"/services/cluster/manager/redundancy/841BD315-21DB-4589-8813-15199DF02F1F", "list":"/services/cluster/manager/redundancy/841BD315-21DB-4589-8813-15199DF02F1F", "edit":"/services/cluster/manager/redundancy/841BD315-21DB-4589-8813-15199DF02F1F" }, "author":"system", "acl":{ "app":"", "can_list":true, "can_write":true, "modifiable":false, "owner":"system", "perms":{ "read":[ "admin", "splunk-system-role" ], "write":[ "admin", "splunk-system-role" ] }, "removable":false, "sharing":"system" }, "content":{ "active_bundle_id":"075EA8FB2D1172A1A7AD9DA472C63E92", "eai:acl":null, "generation_id":"21", "ha_mode":"Standby", "last_heartbeat":1643099380, "manager_switchover_mode":"auto", "peers_count":"5", "server_name":"cm-standby2", "uri":"https://wimpy:14089" } } ], "paging":{ "total":2, "perPage":30, "offset":0 }, "messages":[ ] }
POST
Switch the high availability state of the cluster managers.
Request parameters
ha_mode=Active|Standby
Returned values
Name | Description |
---|---|
ha_mode | The resultant high availability mode of the given cluster manager after the mode change request completion. |
Example request and response
Request
curl -k -u admin:changeme -XPOST "https://10.16.88.2:15511/services/cluster/manager/redundancy/?output_mode=json" -d "_action=switch_mode" -d "ha_mode=Active"
Response
{ "links":{ "create":"/services/cluster/manager/redundancy/_new" }, "origin":"https://10.16.88.2:15511/services/cluster/manager/redundancy", "updated":"2021-10-14T04:15:00-07:00", "generator":{ "build":"42f3134682e376e692f6e407a83b41c8dd787e9e", "version":"20211011" }, "entry":[ { "name":"0AB9404D-8670-4F26-8723-CA289A5A0E3A", "id":"https://10.16.88.2:15511/services/cluster/manager/redundancy/0AB9404D-8670-4F26-8723-CA289A5A0E3A", "updated":"1969-12-31T16:00:00-08:00", "links":{ "alternate":"/services/cluster/manager/redundancy/0AB9404D-8670-4F26-8723-CA289A5A0E3A", "list":"/services/cluster/manager/redundancy/0AB9404D-8670-4F26-8723-CA289A5A0E3A", "edit":"/services/cluster/manager/redundancy/0AB9404D-8670-4F26-8723-CA289A5A0E3A" }, "author":"system", "acl":{ "app":"", "can_list":true, "can_write":true, "modifiable":false, "owner":"system", "perms":{ "read":[ "admin", "splunk-system-role" ], "write":[ "admin", "splunk-system-role" ] }, "removable":false, "sharing":"system" }, "content":{ "eai:acl":null, "ha_mode":"Active" } } ], "paging":{ "total":1, "perPage":30, "offset":0 }, "messages":[ ] }
cluster/manager/sites
https://<host>:<mPort>/services/cluster/manager/sites
Access cluster site information.
GET
List available cluster sites.
Request parameters
None
Returned values
Name | Description |
---|---|
peers | Peers list of host:port and server name. |
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/manager/sites
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>clustermanagersites</title> <id>https://localhost:8089/services/cluster/manager/sites</id> <updated>2014-04-17T19:12:15+00:00</updated> <generator build="204899" version="6.1"/> <author> <name>Splunk</name> </author> <opensearch:totalResults>2</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>site1</title> <id>https://localhost:8089/services/cluster/manager/sites/site1</id> <updated>2014-04-17T19:12:15+00:00</updated> <link href="/services/cluster/manager/sites/site1" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/sites/site1" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="eai:acl"> ... elided ... </s:key> <s:key name="peers"> <s:dict> <s:key name="29F9560E-A44A-425C-8753-1C6158B46C84"> <s:dict> <s:key name="host_port_pair">127.0.1.1:8092</s:key> <s:key name="server_name">s1p3</s:key> </s:dict> </s:key> <s:key name="61666763-43E9-411B-9464-D80A5119EF0E"> <s:dict> <s:key name="host_port_pair">127.0.1.1:8091</s:key> <s:key name="server_name">s1p2</s:key> </s:dict> </s:key> <s:key name="76C88808-2727-42B4-8C05-72DC44630FE4"> <s:dict> <s:key name="host_port_pair">127.0.1.1:8090</s:key> <s:key name="server_name">s1p1</s:key> </s:dict> </s:key> </s:dict> </s:key> </s:dict> </content> </entry> <entry> <title>site2</title> <id>https://localhost:8089/services/cluster/manager/sites/site2</id> <updated>2014-04-17T19:12:15+00:00</updated> <link href="/services/cluster/manager/sites/site2" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/sites/site2" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="eai:acl"> ... elided ... </s:key> <s:key name="peers"> <s:dict> <s:key name="238C3311-F0A4-4A9B-97F0-53667CFFEEAB"> <s:dict> <s:key name="host_port_pair">127.0.1.1:8096</s:key> <s:key name="server_name">s2p3</s:key> </s:dict> </s:key> <s:key name="C878FADC-513D-4BDD-BA48-F25BB82FE565"> <s:dict> <s:key name="host_port_pair">127.0.1.1:8095</s:key> <s:key name="server_name">s2p2</s:key> </s:dict> </s:key> <s:key name="E4B2C5E4-0961-4F3A-A5F7-C3A4BB6B518C"> <s:dict> <s:key name="host_port_pair">127.0.1.1:8094</s:key> <s:key name="server_name">s2p1</s:key> </s:dict> </s:key> </s:dict> </s:key> </s:dict> </content> </entry> </feed>
cluster/manager/sites/{name}
https://<host>:<mPort>/services/cluster/manager/sites/{name}
Access specific cluster site information.
GET
List the {name} cluster site information.
Request parameters
None
Returned values
Name | Description |
---|---|
peers | Site peer reference, for each peer. Possible values include the following.
|
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/manager/sites/site1
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>clustermanagersites</title> <id>https://localhost:8089/services/cluster/manager/sites</id> <updated>2014-04-17T19:13:07+00:00</updated> <generator build="204899" version="6.1"/> <author> <name>Splunk</name> </author> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>site1</title> <id>https://localhost:8089/services/cluster/manager/sites/site1</id> <updated>2014-04-17T19:13:07+00:00</updated> <link href="/services/cluster/manager/sites/site1" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/sites/site1" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="eai:acl"> ... elided ... </s:key> <s:key name="eai:attributes"> ... elided ... </s:key> <s:key name="peers"> <s:dict> <s:key name="29F9560E-A44A-425C-8753-1C6158B46C84"> <s:dict> <s:key name="host_port_pair">127.0.1.1:8092</s:key> <s:key name="server_name">s1p3</s:key> </s:dict> </s:key> <s:key name="61666763-43E9-411B-9464-D80A5119EF0E"> <s:dict> <s:key name="host_port_pair">127.0.1.1:8091</s:key> <s:key name="server_name">s1p2</s:key> </s:dict> </s:key> <s:key name="76C88808-2727-42B4-8C05-72DC44630FE4"> <s:dict> <s:key name="host_port_pair">127.0.1.1:8090</s:key> <s:key name="server_name">s1p1</s:key> </s:dict> </s:key> </s:dict> </s:key> </s:dict> </content> </entry> </feed>
cluster/manager/status
https://<host>:<mPort>/services/cluster/manager/status
Endpoint to get the status of a rolling restart.
GET
Get the status of a rolling restart.
Request parameters
Pagination and filtering parameters can be used with this method.
Returned values
Name | Description |
---|---|
decommission_force_timeout | The amount of time, in seconds, the cluster manager will wait for a peer in primary decommission status to finish primary reassignment
and restart, during a searchable rolling restart with timeouts. Only valid for |
maintenance_mode | Indicates if the cluster is in maintenance mode. Happens during rolling restart, bundle push, and other maintenance activities. |
messages | Array of messages from server. |
multisite | Indicates if multisite is enabled for this manager. Make sure you set site parameters on the peers if you set this to true. Defaults to false. |
peers | Object containing all the peers in the cluster. For each peer, the label, site and status are provided. |
restart_inactivity_timeout | The amount of time, in seconds, that the manager waits for a peer to restart and rejoin the cluster before it considers the restart a failure and proceeds to restart other peers. A value of zero (0) means that the manager waits indefinitely for a peer to restart. Only valid for rolling_restart=searchable_force . Default is 600secs.
|
restart_progress | Object containing lists of peers in "done", "failed", "in_progress" and "to_be_restarted" state. |
rolling_restart_flag | Boolean that indicates if there is a rolling restart in progress. |
rolling_restart_or_upgrade | Boolean that indicates if there is a rolling restart or rolling upgrade in progress. |
searchable_rolling | Boolean that indicates if a searchable rolling restart/upgrade in progress. |
service_ready_flag | Boolean that indicates if the cluster is ready. |
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/manager/status
XML Response
<title>clustermanagerstatus</title> <id>https://10.141.65.179:52000/services/cluster/manager/status</id> <updated>2018-04-01T23:00:53+00:00</updated> <generator build="b233a6c1ade2" version="7.2.0"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/manager/status/_acl" rel="_acl"/> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>manager</title> <id>https://10.141.65.179:52000/services/cluster/manager/status/manager</id> <updated>1970-01-01T00:00:00+00:00</updated> <link href="/services/cluster/manager/status/manager" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/manager/status/manager" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="decommission_force_timeout">0</s:key> <s:key name="eai:acl"> <s:dict> <s:key name="app"></s:key> <s:key name="can_list">1</s:key> <s:key name="can_write">1</s:key> <s:key name="modifiable">0</s:key> <s:key name="owner">system</s:key> <s:key name="perms"> <s:dict> <s:key name="read"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> <s:key name="write"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> </s:dict> </s:key> <s:key name="removable">0</s:key> <s:key name="sharing">system</s:key> </s:dict> </s:key> <s:key name="maintenance_mode">0</s:key> <s:key name="messages"></s:key> <s:key name="multisite">0</s:key> <s:key name="peers"> <s:dict> <s:key name="08696C19-548F-4563-BA53-2A18769091DB"> <s:dict> <s:key name="label">idx3</s:key> <s:key name="site">default</s:key> <s:key name="status">Up</s:key> </s:dict> </s:key> <s:key name="15FE1639-DDEF-4C50-B5A8-3E1C859FA1EA"> <s:dict> <s:key name="label">idx2</s:key> <s:key name="site">default</s:key> <s:key name="status">Up</s:key> </s:dict> </s:key> <s:key name="73CA8A90-EC43-466F-8D12-A55C6E2EBC05"> <s:dict> <s:key name="label">idx1</s:key> <s:key name="site">default</s:key> <s:key name="status">Up</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="restart_inactivity_timeout">0</s:key> <s:key name="restart_progress"> <s:dict> <s:key name="done"> <s:list/> </s:key> <s:key name="failed"> <s:list/> </s:key> <s:key name="in_progress"> <s:list/> </s:key> <s:key name="to_be_restarted"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="rolling_restart_flag">0</s:key> <s:key name="rolling_restart_or_upgrade">0</s:key> <s:key name="searchable_rolling">0</s:key> <s:key name="service_ready_flag">1</s:key> </s:dict> </content> </entry>
cluster/searchhead/generation
https://<host>:<mPort>/services/cluster/searchhead/generation
Access peer information in a cluster searchhead.
GET
List peers available to a cluster searchhead.
Request parameters
Pagination and filtering parameters can be used with this method.
Returned values
Name | Description |
---|---|
generation_id | The current generation ID for this searchhead, which is part of a cluster configuration.
The search head uses this information to determine which buckets to search across. |
generation_peers | List of peer nodes for the current generation in the cluster configuration for this searchhead. |
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/searchhead/generation
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>clustersearchheadgeneration</title> <id>https://localhost:8089/services/cluster/searchhead/generation</id> <updated>2012-09-05T11:13:45-07:00</updated> <generator build="136169" version="5.0"/> <author> <name>Splunk</name> </author> ... opensearch nodes elided ... <s:messages/> <entry> <title>manager</title> <id>https://localhost:8089/services/cluster/searchhead/generation/manager</id> <updated>2012-09-05T11:13:45-07:00</updated> <link href="/services/cluster/searchhead/generation/manager" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/searchhead/generation/manager" rel="list"/> <content type="text/xml"> <s:dict> ... eai:acl node elided ... <s:key name="generation_id">2</s:key> <s:key name="generation_peers"> <s:dict> <s:key name="2AF11DD4-1424-4A14-A522-FB9D055E9516"> <s:dict> <s:key name="host_port_pair">splunks-ombra.sv.splunk.com:8389</s:key> <s:key name="peer">splunks-ombra.sv.splunk.com</s:key> </s:dict> </s:key> <s:key name="50FCDB42-E167-458D-A6A9-E4587E8F16D9"> <s:dict> <s:key name="host_port_pair">splunks-ombra.sv.splunk.com:8189</s:key> <s:key name="peer">splunks-ombra.sv.splunk.com</s:key> </s:dict> </s:key> </s:dict> </s:key> </s:dict> </content> </entry> </feed>
cluster/searchhead/generation/{name}
https://<host>:<mPort>/services/cluster/searchhead/generation/{name}
Access peer of the manager URI.
GET
Get {name} searchhead generation ID and generation peers.
Request parameters
None
Returned values
Name | Description |
---|---|
generation_id | The current generation ID for this searchhead, which is part of a cluster configuration.
The search head uses this information to determine which buckets to search across. |
generation_peers | List of peer nodes for the current generation in the cluster configuration for this searchhead. |
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/searchhead/generation/https%3A%252F%252Fmyserver-mbp15.sv.splunk.com%3A8989
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>clustersearchheadgeneration</title> <id>https://localhost:53791/services/cluster/searchhead/generation</id> <updated>2012-09-07T14:11:59-07:00</updated> <generator build="136859" version="20120906"/> <author> <name>Splunk</name> </author> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>https://ronnie.splunk.com:53112</title> <id>https://localhost:53791/services/cluster/searchhead/generation/https%3A%252F%252Fronnie.splunk.com%3A53112</id> <updated>2012-09-07T14:11:59-07:00</updated> <link href="/services/cluster/searchhead/generation/https%3A%252F%252Fronnie.splunk.com%3A53112" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/searchhead/generation/https%3A%252F%252Fronnie.splunk.com%3A53112" rel="list"/> <content type="text/xml"> <s:dict> ... eai:acl node elided ... ... eai:attributes node elided ... <s:key name="generation_id">3</s:key> <s:key name="generation_peers"> <s:dict> <s:key name="33333333-3333-3333-3333-333333333333"> <s:dict> <s:key name="host_port_pair">10.1.42.3:53309</s:key> <s:key name="peer">peer3</s:key> </s:dict> </s:key> <s:key name="44444444-4444-4444-4444-444444444444"> <s:dict> <s:key name="host_port_pair">10.1.42.3:53411</s:key> <s:key name="peer">peer4</s:key> </s:dict> </s:key> </s:dict> </s:key> </s:dict> </content> </entry> </feed>
cluster/searchhead/searchheadconfig
https://<host>:<mPort>/services/cluster/searchhead/searchheadconfig
Access cluster searchhead node configuration.
GET
List this cluster search head node configuration.
Request parameters
Pagination and filtering parameters can be used with this method.
Returned values
None
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/cluster/searchhead/searchheadconfig
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>clustersearchheadconfig</title> <id>https://localhost:8089/services/cluster/searchhead/searchheadconfig</id> <updated>2013-10-31T14:04:45-07:00</updated> <generator build="184661" version="20131030"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/searchhead/searchheadconfig/_new" rel="create"/> <link href="/services/cluster/searchhead/searchheadconfig/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>https://localhost:4567</title> <id>https://myserver:7588/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567</id> <updated>2013-10-31T14:04:45-07:00</updated> <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="list"/> <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567/_reload" rel="_reload"/> <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="edit"/> <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="remove"/> <content type="text/xml"> <s:dict> ... eai:acl node elided ... <s:key name="manager_uri">https://localhost:4567</s:key> <s:key name="secret">********</s:key> </s:dict> </content> </entry> </feed>
POST
Configure this server as a cluster searchhead node.
Request parameters
Name | Type | Description |
---|---|---|
name | String | Required. The URI of the manager node in the cluster. |
secret | String | Required. Secret shared among the nodes in the cluster to prevent any arbitrary node from connecting to the cluster. If a peer or searchhead is not configured with the same secret as the manager, it is not able to communicate with the manager.
Corresponds to pass4SymmKey setting in server.conf. |
Returned values
None
Example request and response
XML Request
curl -k -u admin:pass https://myserver:8089/services/cluster/searchhead/searchheadconfig -d name=https://myserver:4567 -d secret=testsecret
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>clustersearchheadconfig</title> <id>https://localhost:8089/services/cluster/searchhead/searchheadconfig</id> <updated>2013-10-31T14:04:45-07:00</updated> <generator build="184661" version="20131030"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/searchhead/searchheadconfig/_new" rel="create"/> <link href="/services/cluster/searchhead/searchheadconfig/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>https://localhost:4567</title> <id>https://myserver:8089/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567</id> <updated>2013-10-31T14:04:45-07:00</updated> <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="list"/> <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567/_reload" rel="_reload"/> <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="edit"/> <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="remove"/> <content type="text/xml"> <s:dict> ... eai:acl node elided ... <s:key name="manager_uri">https://localhost:4567</s:key> <s:key name="secret">********</s:key> </s:dict> </content> </entry> </feed>
cluster/searchhead/searchheadconfig/{name}
https://<host>:<mPort>/services/cluster/searchhead/searchheadconfig/{name}
Manage node in a cluster.
DELETE
Remove node from cluster.
Request parameters
None
Returned values
None
Example request and response
XML Request
curl -k -u admin:changeme --request DELETE https://myserver.splunk.com:8089/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Fmyserver%3A8211
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>clustersearchheadconfig</title> <id>https://myserver.splunk.com:8089/services/cluster/searchhead/searchheadconfig</id> <updated>2013-11-05T14:34:42-08:00</updated> <generator build="184986" version="20131101"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/searchhead/searchheadconfig/_new" rel="create"/> <link href="/services/cluster/searchhead/searchheadconfig/_reload" rel="_reload"/> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> </feed>
GET
List cluster search head node configuration.
Request parameters
None
Returned values
None
Example request and response
XML Request
curl -k -u admin:pass https://myserver.splunk.com:7588/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>clustersearchheadconfig</title> <id>https://myserver.splunk.com:8089/services/cluster/searchhead/searchheadconfig</id> <updated>2013-11-05T14:43:00-08:00</updated> <generator build="184986" version="20131101"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/searchhead/searchheadconfig/_new" rel="create"/> <link href="/services/cluster/searchhead/searchheadconfig/_reload" rel="_reload"/> ... openserch nodes elided ... <s:messages/> <entry> <title>https://localhost:4567</title> <id>https://myserver.splunk.com:7588/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567</id> <updated>2013-11-05T14:43:00-08:00</updated> <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="list"/> <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567/_reload" rel="_reload"/> <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="edit"/> <link href="/services/cluster/searchhead/searchheadconfig/https%3A%252F%252Flocalhost%3A4567" rel="remove"/> <content type="text/xml"> <s:dict> <s:key name="eai:acl"> <s:dict> <s:key name="app"></s:key> <s:key name="can_list">1</s:key> <s:key name="can_write">1</s:key> <s:key name="modifiable">0</s:key> <s:key name="owner">system</s:key> <s:key name="perms"> <s:dict> <s:key name="read"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> <s:key name="write"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> </s:dict> </s:key> <s:key name="removable">0</s:key> <s:key name="sharing">system</s:key> </s:dict> </s:key> <s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list> <s:item>manager_uri</s:item> <s:item>secret</s:item> </s:list> </s:key> <s:key name="requiredFields"> <s:list/> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="manager_uri">https://localhost:4567</s:key> <s:key name="secret">********</s:key> </s:dict> </content> </entry> </feed>
POST
Update cluster search head node configuration.
Request parameters
Name | Type | Description |
---|---|---|
manager_uri | String | The URI of the manager node in the cluster for which this searchhead is configured. |
secret | String | Secret shared among the nodes in the cluster to prevent any arbitrary node from connecting to the cluster. If a peer or searchhead is not configured with the same secret as the manager, it is not able to communicate with the manager.
Corresponds to pass4SymmKey setting in server.conf. |
Returned values
None
cluster/peer/buckets
https://<host>:<mPort>/services/cluster/peer/buckets
Access cluster peers bucket configuration.
GET
List cluster peers bucket configuration.
Request parameters
Name | Type | Description |
---|---|---|
generation_id | String | The generation ID for this peer. For each generation, the manager server in a cluster configuration assigns generation IDs. A generation identifies which copies of a cluster's buckets are primary and therefore can participate in a search. |
Pagination and filtering parameters can be used with this method.
Returned values
Name | Description |
---|---|
checksum | Used internally to identify this bucket. |
earliest_time | Indicates the time of the earliest event in this bucket. |
generation_id | The generation ID for this peer. |
generations | A sparse list of generation id to bucket primacy for the given peer. |
latest_time | Indicates the time for the latest event in this bucket. |
search_state | Indicates if the bucket is searchable or unsearchable .
|
status | Indicates the status of this bucket. One of the following values.
|
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8189/services/cluster/peer/buckets
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>clusterpeerbuckets</title> <id>https://localhost:8189/services/cluster/peer/buckets</id> <updated>2012-09-05T12:29:42-07:00</updated> <generator build="136169" version="5.0"/> <author> <name>Splunk</name> </author> ... opensearch nodes elided ... <s:messages/> <entry> <title>_audit~0~2AF11DD4-1424-4A14-A522-FB9D055E9516</title> <id>https://localhost:8189/services/cluster/peer/buckets/_audit~0~2AF11DD4-1424-4A14-A522-FB9D055E9516</id> <updated>2012-09-05T12:29:42-07:00</updated> <link href="/services/cluster/peer/buckets/_audit~0~2AF11DD4-1424-4A14-A522-FB9D055E9516" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/peer/buckets/_audit~0~2AF11DD4-1424-4A14-A522-FB9D055E9516" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="checksum"></s:key> ... eai:acl node elided ... <s:key name="earliest_time">1346859162</s:key> <s:key name="generations"> <s:dict> <s:key name="0">0x0</s:key> </s:dict> </s:key> <s:key name="latest_time">1346859257</s:key> <s:key name="search_state">Searchable</s:key> <s:key name="status">Complete</s:key> </s:dict> </content> </entry> . . . elided ... </feed>
cluster/peer/buckets/{name}
https://<host>:<mPort>/services/cluster/peer/buckets/{name}
Manage peer buckets.
DELETE
Remove specified bucket from peer node.
Request parameters
Name | Type | Description |
---|---|---|
bucket_id | String | Required. The identifier for the bucket to remove. |
Returned values
None
Example request and response
XML Request
curl -k -u admin:pass --request DELETE https://myserver:8089/services/cluster/peer/buckets/_internal~58~11111111-1111-1111-1111-111111111111 -d bucket_id="_internal~58~11111111-1111-1111-1111-111111111111"
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>clusterpeerbuckets</title> <id>https://myserver:8089/services/cluster/peer/buckets</id> <updated>2013-10-31T14:48:18-07:00</updated> <generator build="184661" version="20131030"/> <author> <name>Splunk</name> </author> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> </feed>
GET
List peer specified bucket information.
Request parameters
Name | Type | Description |
---|---|---|
generation_id | String | The generation ID for this peer. For each generation, the manager server in a cluster configuration assigns generation IDs. A generation identifies which copies of a cluster's buckets are primary and therefore can participate in a search. |
Returned values
Name | Description |
---|---|
checksum | Used internally to identify this bucket. |
earliest_time | Indicates the time of the earliest event in this bucket. |
generation_id | The generation ID for this peer. |
generations | A sparse list of generation id to bucket primacy for the given peer. |
latest_time | Indicates the time for the latest event in this bucket. |
search_state | Indicates if the bucket is Searchable or Unsearchable .
|
status | Indicates the status of this bucket. One of the following values.
|
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8189/services/cluster/peer/buckets/_audit~0~B8B5E5C6-DB26-4952-AFB1-C5EFEFFFEA31
XML Response
. . . <title>clusterpeerbuckets</title> <id>https://localhost:8189/services/cluster/peer/buckets</id> <updated>2012-09-05T12:40:43-07:00</updated> <generator build="136169" version="5.0"/> <author> <name>Splunk</name> </author> ... opensearch nodes elided ... <s:messages/> <entry> <title>_internal~1~50FCDB42-E167-458D-A6A9-E4587E8F16D9</title> <id>https://localhost:8189/services/cluster/peer/buckets/_internal~1~50FCDB42-E167-458D-A6A9-E4587E8F16D9</id> <updated>2012-09-05T12:40:43-07:00</updated> <link href="/services/cluster/peer/buckets/_internal~1~50FCDB42-E167-458D-A6A9-E4587E8F16D9" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/peer/buckets/_internal~1~50FCDB42-E167-458D-A6A9-E4587E8F16D9" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="checksum"></s:key> ... eai:acl node elided ... <s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list/> </s:key> <s:key name="requiredFields"> <s:list/> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="earliest_time">0</s:key> <s:key name="generations"> <s:dict> <s:key name="0">0xffffffffffffffff</s:key> </s:dict> </s:key> <s:key name="latest_time">0</s:key> <s:key name="search_state">Searchable</s:key> <s:key name="status">StreamingSource</s:key> </s:dict> </content> </entry>
cluster/peer/control/control/decommission
https://<host>:<mPort>/services/cluster/peer/control/control/decommission
Endpoint to decommission an indexer cluster peer node.
POST
Decommission a peer node.
Returned values
None
Example request and response
XML Request
curl -k -u admin:pass https://indexer:8089/services/cluster/peer/control/control/decommission -X POST
XML Response
<title>clusterpeercontrol</title> <id>https://10.141.66.19:46772/services/cluster/peer/control</id> <updated>2018-04-01T21:23:46+00:00</updated> <generator build="b233a6c1ade2" version="7.2.0"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/peer/control/_acl" rel="_acl"/> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/>
cluster/peer/control/control/re-add-peer
https://<host>:<mPort>/services/cluster/peer/control/control/re-add-peer
Set the peer to re-add itself to the manager. This syncs the peer's state, including its in-memory bucket state, to the manager. By default, this resets the peer's primary bucket copies and the manager reassigns them across the cluster. To keep the peer's existing primary bucket copies, use the optional clearMasks=false
parameter.
This endpoint can be useful when the manager and the peer have a state mismatch, for example when bucket information is not in sync between them.
POST
Re-add the cluster indexer to the cluster manager.
Request parameters
Name | Type | Default | Description |
---|---|---|---|
clearMasks | Boolean. Use true or false .
|
true
|
Optional. Indicates whether the manager should reassign all primary bucket copies across all peers. The default true value prompts the manager to reassign all primary bucket copies across all peers. Use false to re-add the peer but keep the existing primary bucket copies.
|
Example request and response
XML Request
curl -k -u admin:changeme https://localhost:8089/services/cluster/peer/control/control/re-add-peer -d clearMasks=false -X POST
XML Response
<title>clusterpeercontrol</title> <id>https://localhost:8089/services/cluster/peer/control</id> <updated>2015-11-06T18:08:54-08:00</updated> <generator build="802b4ea159bb584c629dcdb8ba57c409b1d5b7ab" version="20151030"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/peer/control/_acl" rel="_acl"/> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/>
cluster/peer/control/control/set_detention_override
https://<host>:<mPort>/services/cluster/peer/control/control/set_manual_detention
Deprecated. Use /set_manual_detention
to manage peer node manual detention mode.
cluster/peer/control/control/set_manual_detention
https://<host>:<mPort>/services/cluster/peer/control/control/set_manual_detention
If you have Splunk Enterprise, you can use this endpoint to put the peer node in manual detention mode or take the peer out of this mode. In manual detention, the peer does not serve as a replication target. Detention helps slow the growth of disk usage on the peer.
Note:
- This endpoint replaces the
/set_detention_override
endpoint. - Starting with Splunk Enterprise software version 6.5, manual detention persists through restarts.
- For more information, see Put a peer in detention in Managing Indexers and Clusters of Indexers.
POST
Adjust cluster peer detention mode.
Request parameters
Name | Type | Description |
---|---|---|
manual_detention | Use one of the following values.
|
Enable or disable manual detention. Opt to close data ports or leave them open when manual detention is enabled. |
Returned values
None
Example request and response
XML Request
curl -k -u admin:password https://localhost:8089/services/cluster/peer/control/control/set_manual_detention -d manual_detention=on
XML Response
. . . <title>clusterpeercontrol</title> <id>https://localhost:8089/services/cluster/peer/control</id> <updated>2016-11-15T20:33:01-08:00</updated> <generator build="f3ca72fbf1234a98e7a5af9d073ae698f2e64de6" version="20161115"/> <author> <name>Splunk</name> </author> <link href="/services/cluster/peer/control/_acl" rel="_acl"/> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/>
cluster/peer/info
https://<host>:<mPort>/services/cluster/peer/info
Access cluster peer node information.
GET
List peer information.
Request parameters
Pagination and filtering parameters can be used with this method.
Returned values
Name | Description |
---|---|
active_bundle | Current bundle being used by this peer. |
base_generation_id | The initial bundle generation ID recognized by this peer. Any searches from previous generations fail.
The initial bundle generation ID is created when a peer first comes online, restarts, or recontacts the manager. |
invalid_bundle_ids | List of bundle ids with validation errors in the peer. |
is_registered | Indicates if this peer is registered with the manager in the cluster. |
last_heartbeat_attempt | Timestamp for the last attempt to contact the manager. |
latest_bundle | Lists information about the most recent bundle downloaded from the manager. |
restart_state | Indicates whether the peer needs to be restarted to enable its cluster configuration. |
status | Indicates the status of the peer. One of the following values.
|
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8189/services/cluster/peer/info
XML Response
. . . <title>clusterpeerinfo</title> <id>https://localhost:8189/services/cluster/peer/info</id> <updated>2012-09-05T12:45:59-07:00</updated> <generator build="136169" version="5.0"/> <author> <name>Splunk</name> </author> ... opensearch nodes elided ... <s:messages/> <entry> <title>peer</title> <id>https://localhost:8189/services/cluster/peer/info/peer</id> <updated>2012-09-05T12:45:59-07:00</updated> <link href="/services/cluster/peer/info/peer" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/cluster/peer/info/peer" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="active_bundle"> <s:dict> <s:key name="bundle_path">/Applications/splunk-peer/var/run/splunk/cluster/remote-bundle/0f6078895127ab1f715ee78a6e1ff8a1-1346858928.bundle</s:key> <s:key name="checksum">36a883f4d47af66f78531ef474349b59</s:key> <s:key name="timestamp">1346858928</s:key> </s:dict> </s:key> <s:key name="base_generation_id">2</s:key> ... eai:acl node elided ... <s:key name="invalid_bundle_ids"> <s:list/> </s:key> <s:key name="is_registered">1</s:key> <s:key name="last_heartbeat_attempt">1346874358</s:key> <s:key name="latest_bundle"> <s:dict> <s:key name="bundle_path">/Applications/splunk-peer/var/run/splunk/cluster/remote-bundle/0f6078895127ab1f715ee78a6e1ff8a1-1346858928.bundle</s:key> <s:key name="checksum">36a883f4d47af66f78531ef474349b59</s:key> <s:key name="timestamp">1346858928</s:key> </s:dict> </s:key> <s:key name="restart_state">NoRestart</s:key> <s:key name="status">Up</s:key> </s:dict> </content> </entry>
Search head cluster endpoints
The endpoints in this section pertain to search head clusters.
All endpoints contain shcluster
in their URIs pertain to search head clusters. For more information about search head clustering architecture, see Search head clustering architecture in the Distributed Search manual.
replication/configuration/health
https://<host>:<mPort>/services/replication/configuration/health
Access configuration replication health statistics for a search head cluster.
GET
Access the configuration replication health statistics for a search head cluster.
Request parameters
Name | Type | Description |
---|---|---|
bookmark | Boolean | Use this parameter with a GET request on the captain. Set to 1 to list the most recent changesets that members pulled from the captain. A timestamp is also returned for each changeset.
|
check_share_baseline | Boolean | Set to 1 to check for a shared baseline among members. This parameter can be used with a request on any member, including the captain.
|
unpublished | Boolean | Set to 1 to check for unpublished changes on members. Use this parameter with a request on a member to check if the member has any changes that have not been pushed to the captain.
|
Returned values
Values returned depend on the request parameters used.
bookmark
Name | Description |
---|---|
[server_name]
|
For each [server_name] member, a changeset and timestamp are shown, indicating when the [server_name] member last pulled this set of configuration changes from the captain.
|
Example request and response
curl -k -u admin:pass https://localhost:8089/services/replication/configuration/health?bookmark=1
... <entry> <title>bookmark</title> <id>https://localhost:11089/services/replication/configuration/health/bookmark</id> <updated>2016-08-08T17:08:25-07:00</updated> <link href="/services/replication/configuration/health/bookmark" rel="alternate"/> <content type="text/xml"> <s:dict> <s:key name="https://localhost:11089">CaptainDummyOpId: Mon Aug 8 16:08:55 2016</s:key> <s:key name="https://localhost:8089">2d9e86111eb4a377c60563f93ea5274de8b9c438: Mon Aug 8 17:08:22 2016</s:key> <s:key name="https://localhost:9089">2d9e86111eb4a377c60563f93ea5274de8b9c438: Mon Aug 8 17:08:22 2016</s:key> </s:dict> </content> </entry>
check_share_baseline
Application usage
This parameter compares the baseline between the current instance, on which the GET request is made, with the baseline of other members. From each of the other members, the system retrieves the oldest changeset that is not more than 23 hours old and therefore safe from purging. The system then tries to find that changeset in the current instance's local changeset repository. If the changeset is found in the local repository, then the current instance and the member share a baseline.
Establishing a shared baseline between a captain and members is a prerequisite for successful configuration replication.
Name | Description |
---|---|
check_share_baseline | One of the following values is returned for each of the other members.
|
server_name | Name for the member whose baseline is being compared to the current instance. |
Example request and response
curl -k -u admin:pass https://localhost:11089/services/replication/configuration/health?check_share_baseline=1
... <title>health</title> <id>https://localhost:11089/services/replication/configuration/health</id> <updated>2016-08-09T15:51:06-07:00</updated> <generator build="99005df760a86096252bb6b287ad7a6f3149a218" version="20160805"/> <author> <name>Splunk</name> </author> <entry> <title>https://localhost:8089</title> <id>https://localhost:11089/services/replication/configuration/health/https%3A%2F%2Flocalhost%3A8089</id> <updated>2016-08-09T15:51:06-07:00</updated> <link href="/services/replication/configuration/health/https%3A%2F%2Flocalhost%3A8089" rel="alternate"/> <content type="text/xml"> <s:dict> <s:key name="check_share_baseline">Yes</s:key> <s:key name="server_name">yxu-mbp15-node2</s:key> </s:dict> </content> </entry> <entry> <title>https://localhost:9089</title> <id>https://localhost:11089/services/replication/configuration/health/https%3A%2F%2Flocalhost%3A9089</id> <updated>2016-08-09T15:51:06-07:00</updated> <link href="/services/replication/configuration/health/https%3A%2F%2Flocalhost%3A9089" rel="alternate"/> <content type="text/xml"> <s:dict> <s:key name="check_share_baseline">Yes</s:key> <s:key name="server_name"> localhost-node3</s:key> </s:dict> </content> </entry> <entry> <title>https://localhost:11089</title> <id>https://localhost:11089/services/replication/configuration/health/https%3A%2F%2Flocalhost%3A11089</id> <updated>2016-08-09T15:51:06-07:00</updated> <link href="/services/replication/configuration/health/https%3A%2F%2Flocalhost%3A11089" rel="alternate"/> <content type="text/xml"> <s:dict> <s:key name="check_share_baseline">Yes</s:key> <s:key name="server_name"> localhost-node1</s:key> </s:dict> </content> </entry> ...
unpublished
A Number of unpublished changes
key is returned with one of the following values.
Name | Description |
---|---|
0
|
All changes on this cluster member have been pushed to the captain. There are no unpublished changes on this member. |
0 (This instance is the captain)
|
This message is returned when requesting unpublished status on the captain. The captain is always in sync with itself, so there are no unpublished changes.
|
[Number greater than 0]
|
The number unpublished local changes on this member. Changes are held until the next replication occurs. The node is still healthy in this case. |
No captain is available
|
The search head cluster does not currently have a captain. |
Missing common baseline with the captain
|
This member might be out of sync with the captain if this message persists after several replication periods. This message can also appear during a transition period, for example, when a captain is switched or a member is manually resynced. On a healthy search head cluster, the |
Example request and response
curl -k -u admin:pass https://localhost:11089/services/replication/configuration/health?unpublished=1
<title>health</title> <id>https://localhost:8089/services/replication/configuration/health</id> <updated>2016-08-09T13:14:16-07:00</updated> <generator build="99005df760a86096252bb6b287ad7a6f3149a218" version="20160805"/> <author> <name>Splunk</name> </author> <entry> <title>unpublished</title> <id>https://localhost:8089/services/replication/configuration/health/unpublished</id> <updated>2016-08-09T13:14:16-07:00</updated> <link href="/services/replication/configuration/health/unpublished" rel="alternate"/> <content type="text/xml"> <s:dict> <s:key name="Number of unpublished changes">0</s:key> </s:dict> </content> </entry>
replication/configuration/quarantined-assets
https://<host>:<mPort>/services/replication/configuration/quarantined-assets
Access information about quarantined lookups in a search head cluster.
GET
Access information about quarantined lookups in a search head cluster.
Request parameters
None
Returned values
Name | Description |
---|---|
assetName | The name of the quarantined CSV lookup. |
quarantined_at_host | The URL of the search head cluster member on which the lookup is quarantined. |
quarantined_at | Seconds since epoch. |
lookup_size | The size of the quarantined lookup in Bytes. |
Example request and response
curl -k -u admin:pass https://localhost:8090/services/replication/configuration/quarantined-assets
... <title>quarantined-assets</title> <id>https://localhost:8090/services/replication/configuration/quarantined-assets/quarantined-assets</id> <updated>1970-01-01T00:00:00+00:00</updated> <link href="/services/replication/configuration/quarantined-assets/quarantined-assets" rel="alternate"/> <content type="text/xml"> <s:dict> <s:key name="assetId">b4c9340713a5dd8c61105b05acea79fbbd3fc98d</s:key> <s:key name="assetURI">/nobody/search/lookups/test.csv</s:key> <s:key name="user">nobody</s:key> <s:key name="app">search</s:key> <s:key name="assetType">lookups</s:key> <s:key name="assetName">test.csv</s:key> <s:key name="quarantineInfo">[ {quarantined_at_host=https://localhost:8090, quarantined_at=1724885036, lookup_size=30246329, quarantine_reason=large_lookup} ]</s:key> </s:dict> </content>
shcluster/captain/artifacts
https://<host>:<mPort>/services/shcluster/captain/artifacts
Provides list of artifacts and replicas currently managed by the captain across a searchhead cluster.
This endpoint can only be accessed on the captain. The response lists all artifacts that are currently resident on the set of search head cluster members.
An artifact in search head clustering is a managed search directory. Currently, only scheduled search results directories are managed and replicated according to replication policy.
- Note: Ad hoc searches are not considered artifacts and are not listed.
GET
Lists searchhead cluster artifacts and replicas.
Request parameters
Name | Type | Description |
---|---|---|
remote_sids | Bool | Required. Set this to true to return the searches that the captain is seeing. Will include adhoc searches on remote members. |
Returned values
Name | Description |
---|---|
artifact_size | Artifact size, in bytes. |
origin_guid | Guid of the origin peer where this artifact was created/search was run. |
peers | Lists information about replicas of this artifact on members of this searchhead cluster. |
service_after_time | Artifact service/fixup is deferred until after this time. |
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8189/services/shcluster/captain/artifacts
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>shclustercaptainartifacts</title> <id>https://localhost:8089/services/shcluster/captain/artifacts</id> <updated>2014-10-15T08:44:41-07:00</updated> <generator build="235980" version="20141014"/> <author> <name>Splunk</name> </author> <link href="/services/shcluster/captain/artifacts/_new" rel="create"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413381600_268_88888888-8888-8888-8888-888888888888</title> <id>https://localhost:8089/services/shcluster/captain/artifacts/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413381600_268_88888888-8888-8888-8888-888888888888</id> <updated>2014-10-15T08:44:41-07:00</updated> <link href="/services/shcluster/captain/artifacts/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413381600_268_88888888-8888-8888-8888-888888888888" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/captain/artifacts/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413381600_268_88888888-8888-8888-8888-888888888888" rel="list"/> <link href="/services/shcluster/captain/artifacts/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413381600_268_88888888-8888-8888-8888-888888888888" rel="remove"/> <content type="text/xml"> <s:dict> <s:key name="artifact_size">282624</s:key> ... eai:acl node elided ... <s:key name="origin_guid">88888888-8888-8888-8888-888888888888</s:key> <s:key name="peers"> <s:dict> <s:key name="88888888-8888-8888-8888-888888888888"> <s:dict> <s:key name="directory_path">/home/svasan/splunk/searchhead/var/run/splunk/dispatch/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413381600_268_88888888-8888-8888-8888-888888888888</s:key> <s:key name="status">Complete</s:key> </s:dict> </s:key> <s:key name="99999999-9999-9999-9999-999999999999"> <s:dict> <s:key name="directory_path">/home/svasan/splunk/dash/var/run/splunk/dispatch/rsa_scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413381600_268_88888888-8888-8888-8888-888888888888</s:key> <s:key name="status">Complete</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="service_after_time">0</s:key> </s:dict> </content> </entry> <entry> <title>scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413385200_281_88888888-8888-8888-8888-888888888888</title> <id>https://localhost:8089/services/shcluster/captain/artifacts/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413385200_281_88888888-8888-8888-8888-888888888888</id> <updated>2014-10-15T08:44:41-07:00</updated> <link href="/services/shcluster/captain/artifacts/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413385200_281_88888888-8888-8888-8888-888888888888" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/captain/artifacts/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413385200_281_88888888-8888-8888-8888-888888888888" rel="list"/> <link href="/services/shcluster/captain/artifacts/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413385200_281_88888888-8888-8888-8888-888888888888" rel="remove"/> <content type="text/xml"> <s:dict> <s:key name="artifact_size">282624</s:key> ... eai:acl node elided ... <s:key name="origin_guid">88888888-8888-8888-8888-888888888888</s:key> <s:key name="peers"> <s:dict> <s:key name="88888888-8888-8888-8888-888888888888"> <s:dict> <s:key name="directory_path">/home/svasan/splunk/searchhead/var/run/splunk/dispatch/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413385200_281_88888888-8888-8888-8888-888888888888</s:key> <s:key name="status">Complete</s:key> </s:dict> </s:key> <s:key name="99999999-9999-9999-9999-999999999999"> <s:dict> <s:key name="directory_path">/home/svasan/splunk/dash/var/run/splunk/dispatch/rsa_scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413385200_281_88888888-8888-8888-8888-888888888888</s:key> <s:key name="status">Complete</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="service_after_time">0</s:key> </s:dict> </content> </entry> <entry> <title>scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413387300_288_88888888-8888-8888-8888-888888888888</title> <id>https://localhost:8089/services/shcluster/captain/artifacts/scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413387300_288_88888888-8888-8888-8888-888888888888</id> <updated>2014-10-15T08:44:41-07:00</updated> <link href="/services/shcluster/captain/artifacts/scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413387300_288_88888888-8888-8888-8888-888888888888" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/captain/artifacts/scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413387300_288_88888888-8888-8888-8888-888888888888" rel="list"/> <link href="/services/shcluster/captain/artifacts/scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413387300_288_88888888-8888-8888-8888-888888888888" rel="remove"/> <content type="text/xml"> <s:dict> <s:key name="artifact_size">253952</s:key> ... eai:acl node elided ... <s:key name="origin_guid">88888888-8888-8888-8888-888888888888</s:key> <s:key name="peers"> <s:dict> <s:key name="88888888-8888-8888-8888-888888888888"> <s:dict> <s:key name="directory_path">/home/svasan/splunk/searchhead/var/run/splunk/dispatch/scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413387300_288_88888888-8888-8888-8888-888888888888</s:key> <s:key name="status">Complete</s:key> </s:dict> </s:key> <s:key name="99999999-9999-9999-9999-999999999999"> <s:dict> <s:key name="directory_path">/home/svasan/splunk/dash/var/run/splunk/dispatch/rsa_scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413387300_288_88888888-8888-8888-8888-888888888888</s:key> <s:key name="status">Complete</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="service_after_time">0</s:key> </s:dict> </content> </entry> <entry> <title>scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413387600_289_88888888-8888-8888-8888-888888888888</title> <id>https://localhost:8089/services/shcluster/captain/artifacts/scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413387600_289_88888888-8888-8888-8888-888888888888</id> <updated>2014-10-15T08:44:41-07:00</updated> <link href="/services/shcluster/captain/artifacts/scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413387600_289_88888888-8888-8888-8888-888888888888" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/captain/artifacts/scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413387600_289_88888888-8888-8888-8888-888888888888" rel="list"/> <link href="/services/shcluster/captain/artifacts/scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413387600_289_88888888-8888-8888-8888-888888888888" rel="remove"/> <content type="text/xml"> <s:dict> <s:key name="artifact_size">253952</s:key> ... eai:acl node elided ... <s:key name="origin_guid">88888888-8888-8888-8888-888888888888</s:key> <s:key name="peers"> <s:dict> <s:key name="88888888-8888-8888-8888-888888888888"> <s:dict> <s:key name="directory_path">/home/svasan/splunk/searchhead/var/run/splunk/dispatch/scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413387600_289_88888888-8888-8888-8888-888888888888</s:key> <s:key name="status">Complete</s:key> </s:dict> </s:key> <s:key name="99999999-9999-9999-9999-999999999999"> <s:dict> <s:key name="directory_path">/home/svasan/splunk/dash/var/run/splunk/dispatch/rsa_scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413387600_289_88888888-8888-8888-8888-888888888888</s:key> <s:key name="status">Complete</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="service_after_time">0</s:key> </s:dict> </content> </entry> </feed>
shcluster/captain/artifacts/{name}
https://<host>:<mPort>/services/shcluster/captain/artifacts/{name}
Get artifact information for a specific artifact.
GET
Get artifact information, size, replicas and earliest service time.
Request parameters
Pagination and filtering parameters can be used with this method.
Returned values
Name | ! Description |
---|---|
artifact_size | Artifact size, in bytes. |
origin_guid | Guid of the origin peer where this artifact was created. |
peers | Lists information about artifacts on members of this captain. |
service_after_time | Artifact service is deferred until after this time. |
Example request and response
XML Request
curl -k -u admin:pass https://locahost:8089/services/shcluster/captain/artifacts/scheduler__nobody__simplexml__RMD5dc07327042a35a17_at_1469214000_37_11111111-1111-1111-1111-111111111111
XML Response
<title>shclustercaptainartifacts</title> <id>https://localhost:8089/services/shcluster/captain/artifacts</id> <updated>2016-07-22T13:39:03-07:00</updated> <generator build="d6d01722fce508a9e2f032d36d8d6a445b7d6292" version="20160721"/> <author> <name>Splunk</name> </author> <link href="/services/shcluster/captain/artifacts/_new" rel="create"/> <link href="/services/shcluster/captain/artifacts/_acl" rel="_acl"/> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>scheduler__nobody__simplexml__RMD5dc07327042a35a17_at_1469214000_37_11111111-1111-1111-1111-111111111111</title> <id>https://localhost:8089/services/shcluster/captain/artifacts/scheduler__nobody__simplexml__RMD5dc07327042a35a17_at_1469214000_37_11111111-1111-1111-1111-111111111111</id> <updated>2016-07-22T13:39:03-07:00</updated> <link href="/services/shcluster/captain/artifacts/scheduler__nobody__simplexml__RMD5dc07327042a35a17_at_1469214000_37_11111111-1111-1111-1111-111111111111" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/captain/artifacts/scheduler__nobody__simplexml__RMD5dc07327042a35a17_at_1469214000_37_11111111-1111-1111-1111-111111111111" rel="list"/> <link href="/services/shcluster/captain/artifacts/scheduler__nobody__simplexml__RMD5dc07327042a35a17_at_1469214000_37_11111111-1111-1111-1111-111111111111" rel="remove"/> <content type="text/xml"> <s:dict> <s:key name="artifact_size">77824</s:key> <s:key name="eai:acl"> <s:dict> <s:key name="app"></s:key> <s:key name="can_list">1</s:key> <s:key name="can_write">1</s:key> <s:key name="modifiable">0</s:key> <s:key name="owner">system</s:key> <s:key name="perms"> <s:dict> <s:key name="read"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> <s:key name="write"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> </s:dict> </s:key> <s:key name="removable">0</s:key> <s:key name="sharing">system</s:key> </s:dict> </s:key> <s:key name="eai:acl.app">simplexml</s:key> <s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list/> </s:key> <s:key name="requiredFields"> <s:list/> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="label">timechart_scheduled</s:key> <s:key name="origin_guid">11111111-1111-1111-1111-111111111111</s:key> <s:key name="peers"> <s:dict> <s:key name="11111111-1111-1111-1111-111111111111"> <s:dict> <s:key name="directory_path">/home/user/home_1/var/run/splunk/dispatch/scheduler__nobody__simplexml__RMD5dc07327042a35a17_at_1469214000_37_11111111-1111-1111-1111-111111111111</s:key> <s:key name="status">Complete</s:key> </s:dict> </s:key> <s:key name="33333333-3333-3333-3333-333333333333"> <s:dict> <s:key name="directory_path">/home/user/home_3/var/run/splunk/dispatch/rsa_scheduler__nobody__simplexml__RMD5dc07359042a35a17_at_1469214000_37_11111111-1111-1111-1111-111111111111</s:key> <s:key name="status">Complete</s:key> </s:dict> </s:key> </s:dict> </s:key> <s:key name="perms">read : [ *, splunk-system-user ], write : [ admin, power, splunk-system-user ]</s:key> <s:key name="service_after_time">0</s:key> <s:key name="user">splunk-system-user</s:key> </s:dict> </content> </entry> </feed>
shcluster/captain/control/default/restart
https://<host>:<mPort>/services/shcluster/captain/control/default/restart
Endpoint to initiate rolling restart of a search head cluster.
POST
Initiates rolling restart of a search head cluster
Request parameters
Name | Type | Description |
---|---|---|
searchable | Boolean | Maintain high search availability during a rolling restart. |
force | Boolean | Override health check failures to continue searchable rolling restart. |
decommission_search_jobs_wait_secs | Integer | Maximum time in secs that searchable rolling restart waits
for existing searches to finish. Default: 180 secs. |
Returned values
None
Example request and response
XML Request
curl -k -u admin:password https://localhost:8089/services/shcluster/captain/control/default/restart -d searchable=1 -d force=1 -d decommission_search_jobs_wait_secs=30 -X POST
XML Response
<title>shclustercaptaincontrol</title> <id>https://10.222.21.58:8089/services/shcluster/captain/control</id> <updated>2018-03-29T12:08:09-07:00</updated> <generator build="d75793dbca24" version="7.1.0"/> <author> <name>Splunk</name> </author> <link href="/services/shcluster/captain/control/_acl" rel="_acl"/> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages> <s:msg type="INFO">Restart of search head cluster members initiated.</s:msg> </s:messages> <entry> <title>restart</title> <id>https://10.222.21.58:8089/services/shcluster/captain/control/restart</id> <updated>1969-12-31T16:00:00-08:00</updated> <link href="/services/shcluster/captain/control/restart" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/captain/control/restart" rel="list"/> <link href="/services/shcluster/captain/control/restart" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="eai:acl"> <s:dict> <s:key name="app"></s:key> <s:key name="can_list">1</s:key> <s:key name="can_write">1</s:key> <s:key name="modifiable">0</s:key> <s:key name="owner">system</s:key> <s:key name="perms"> <s:dict> <s:key name="read"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> <s:key name="write"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> </s:dict> </s:key> <s:key name="removable">0</s:key> <s:key name="sharing">system</s:key> </s:dict> </s:key> <s:key name="msg">Searchable rolling restarted cannot be started without captain status = Up, check status through "splunk show shcluster-status".</s:key> <s:key name="success">0</s:key> </s:dict> </content> </entry>
shcluster/captain/control/control/rotate-splunk-secret
https://<host>:<mPort>/services/shcluster/captain/control/control/rotate-splunk-secret
Rotates the splunk.secret
file on all nodes of a search head cluster.
POST
Rotates the splunk.secret
file on all nodes of a search head cluster.
Returned values
None
Example request and response
XML Request
curl -k -u admin:changeme https://localhost:8089/services/shcluster/captain/control/control/rotate-splunk-secret -X POST
XML Response
shcluster/captain/control/control/upgrade-init
https://<host>:<mPort>/services/shcluster/captain/control/control/upgrade-init
Initializes a search head cluster rolling upgrade.
POST
Initializes a search head cluster rolling upgrade.
Returned values
None
Example request and response
XML Request
curl -k -u admin:changeme https://localhost:8089/services/shcluster/captain/control/control/upgrade-init -X POST
XML Response
<title>shclustercaptaincontrol</title> <id>https://10.222.21.58:8089/services/shcluster/captain/control</id> <updated>2018-03-29T12:02:54-07:00</updated> <generator build="d75793dbca24" version="7.1.0"/> <author> <name>Splunk</name> </author> <link href="/services/shcluster/captain/control/_acl" rel="_acl"/> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages> <s:msg type="INFO">Upgrade of search head cluster members initiated.</s:msg> </s:messages> <entry> <title>upgrade-init</title> <id>https://10.222.21.58:8089/services/shcluster/captain/control/upgrade-init</id> <updated>1969-12-31T16:00:00-08:00</updated> <link href="/services/shcluster/captain/control/upgrade-init" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/captain/control/upgrade-init" rel="list"/> <link href="/services/shcluster/captain/control/upgrade-init" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="eai:acl"> <s:dict> <s:key name="app"></s:key> <s:key name="can_list">1</s:key> <s:key name="can_write">1</s:key> <s:key name="modifiable">0</s:key> <s:key name="owner">system</s:key> <s:key name="perms"> <s:dict> <s:key name="read"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> <s:key name="write"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> </s:dict> </s:key> <s:key name="removable">0</s:key> <s:key name="sharing">system</s:key> </s:dict> </s:key> <s:key name="success">1</s:key> <s:key name="upgrade">yes</s:key> </s:dict> </content> </entry>
shcluster/captain/control/control/upgrade-finalize
https://<host>:<mPort>/services/shcluster/captain/control/control/upgrade-finalize
Finishes a search head cluster rolling upgrade.
POST
Finishes a search head cluster rolling upgrade.
Returned values
None
Example request and response
XML Request
curl -k -u admin:changeme https://localhost:8089/services/shcluster/captain/control/control/upgrade-finalize -X POST
XML Response
<title>shclustercaptaincontrol</title> <id>https://10.222.21.58:8089/services/shcluster/captain/control</id> <updated>2018-03-29T12:06:47-07:00</updated> <generator build="d75793dbca24" version="7.1.0"/> <author> <name>Splunk</name> </author> <link href="/services/shcluster/captain/control/_acl" rel="_acl"/> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages> <s:msg type="INFO">Upgrade of search head cluster members finalized.</s:msg> </s:messages> <entry> <title>upgrade-finalize</title> <id>https://10.222.21.58:8089/services/shcluster/captain/control/upgrade-finalize</id> <updated>1969-12-31T16:00:00-08:00</updated> <link href="/services/shcluster/captain/control/upgrade-finalize" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/captain/control/upgrade-finalize" rel="list"/> <link href="/services/shcluster/captain/control/upgrade-finalize" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="eai:acl"> <s:dict> <s:key name="app"></s:key> <s:key name="can_list">1</s:key> <s:key name="can_write">1</s:key> <s:key name="modifiable">0</s:key> <s:key name="owner">system</s:key> <s:key name="perms"> <s:dict> <s:key name="read"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> <s:key name="write"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> </s:dict> </s:key> <s:key name="removable">0</s:key> <s:key name="sharing">system</s:key> </s:dict> </s:key> <s:key name="success">1</s:key> <s:key name="upgrade">no</s:key> </s:dict> </content> </entry>
shcluster/captain/info
https://<host>:<mPort>/services/shcluster/captain/info
Access information about searchhead cluster captain node.
GET
List searchhead cluster captain node details.
Request parameters
Pagination and filtering parameters can be used with this method.
Returned values
Name | Description |
---|---|
elected_captain | Time when the current captain was elected |
id | Id of this SH cluster. This is used as the unique identifier for the Search Head Cluster in bundle replication and acceleration summary management. |
initialized_flag | Indicates if the searchhead cluster is initialized. |
label | The name for the captain. Displayed on the Splunk Web manager page. |
maintenance_mode | Indicates if the cluster is in maintenance mode. |
min_peers_joined_flag | Flag to indicate if more then replication_factor peers have joined the cluster. |
peer_scheme_host_port | URI of the current captain. |
rolling_restart_flag | Indicates whether the captain is restarting the members in a searchhead cluster. |
service_ready_flag | Indicates whether the captain is ready to begin servicing, based on whether it is initialized. |
start_time | Timestamp corresponding to the creation of the captain. |
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/shcluster/captain/info
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>shclustercaptaininfo</title> <id>https://localhost:8089/services/shcluster/captain/info</id> <updated>2014-10-15T08:45:25-07:00</updated> <generator build="235980" version="20141014"/> <author> <name>Splunk</name> </author> ... opensearch nodes elided ... <s:messages/> <entry> <title>captain</title> <id>https://localhost:8089/services/shcluster/captain/info/captain</id> <updated>2014-10-15T08:45:25-07:00</updated> <link href="/services/shcluster/captain/info/captain" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/captain/info/captain" rel="list"/> <content type="text/xml"> <s:dict> ... eai:acl node elided ... <s:key name="elected_captain">1413307273</s:key> <s:key name="id">BB3116C0-73B9-459A-B473-254A18A69776</s:key> <s:key name="initialized_flag">1</s:key> <s:key name="label">searchhead</s:key> <s:key name="maintenance_mode">0</s:key> <s:key name="min_peers_joined_flag">1</s:key> <s:key name="peer_scheme_host_port">https://localhost:55569</s:key> <s:key name="rolling_restart_flag">0</s:key> <s:key name="service_ready_flag">1</s:key> <s:key name="start_time">1413307203</s:key> </s:dict> </content> </entry> </feed>
shcluster/captain/jobs
https://<host>:<mPort>/services/shcluster/captain/jobs
List running and recently finished jobs for all cluster members.
GET
List running and recently finished jobs for this cluster.
Request parameters
Pagination and filtering parameters can be used with this method.
Returned values
For each job:
Name | Description |
---|---|
ATTEMPT_[n] | dispatch_time - The UTC time of dispatch for the job errormsg - If the job failed, capturing the reason for failure peer - GUID of the member that the job was sent to sid - the search id of this attempt success - a boolean for success/failure of the job |
job_state | Job State can be SCHEDULED/DISPATCHED/COMPLETED. A SCHEDULED job has been received by the captain from the scheduler to schedule. A DISPATCHED job has started to run on a remote member. A COMPLETED job has finished running on the remote member. |
saved_search | The name of the saved-search from the associated savedsearches.conf file. |
savedsearchtype | The scheduler manages three kinds of scheduled jobs, regular savedsearch for both realtime and historical, autosummary report acceleration build searches, and tsidx tsidx build searches. |
search_app | The application in which the savedsearch was created. |
search_owner | The owner of the saved search. |
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/shcluster/captain/jobs
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>shclustercaptainjobs</title> <id>https://localhost:8089/services/shcluster/captain/jobs</id> <updated>2014-10-15T08:47:50-07:00</updated> <generator build="235980" version="20141014"/> <author> <name>Splunk</name> </author> <link href="/services/shcluster/captain/jobs/_new" rel="create"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>savedsearch_Alert - syslog errors last hour_1087026166</title> <id>https://localhost:8089/services/shcluster/captain/jobs/savedsearch_Alert%20-%20syslog%20errors%20last%20hour_1087026166</id> <updated>2014-10-15T08:47:50-07:00</updated> <link href="/services/shcluster/captain/jobs/savedsearch_Alert%20-%20syslog%20errors%20last%20hour_1087026166" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/captain/jobs/savedsearch_Alert%20-%20syslog%20errors%20last%20hour_1087026166" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="ATTEMPT_1"> <s:dict> <s:key name="dispatch_time">1413363600</s:key> <s:key name="errormsg">error response peer=https://wimpy.splunk.com:55560 rc=404 reason='<?xml version="1.0" encoding="UTF-8"?> <response> <messages> <msg type="ERROR">Application does not exist: SA-nix</msg> </messages> </response> '</s:key> <s:key name="peer">99999999-9999-9999-9999-999999999999</s:key> <s:key name="sid">NO_SID_RECEIVED_YET</s:key> <s:key name="success">0</s:key> </s:dict> </s:key> <s:key name="ATTEMPT_2"> <s:dict> <s:key name="dispatch_time">1413363600</s:key> <s:key name="peer">88888888-8888-8888-8888-888888888888</s:key> <s:key name="sid">scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413363600_203_88888888-8888-8888-8888-888888888888</s:key> <s:key name="success">1</s:key> </s:dict> </s:key> ... eai:acl node elided ... <s:key name="job_state">COMPLETED</s:key> <s:key name="saved_search">Alert - syslog errors last hour</s:key> <s:key name="savedsearchtype">savedsearch</s:key> <s:key name="search_app">SA-nix</s:key> <s:key name="search_owner">admin</s:key> </s:dict> </content> </entry> <entry> <title>savedsearch_Alert - syslog errors last hour_11648853</title> <id>https://localhost:8089/services/shcluster/captain/jobs/savedsearch_Alert%20-%20syslog%20errors%20last%20hour_11648853</id> <updated>2014-10-15T08:47:50-07:00</updated> <link href="/services/shcluster/captain/jobs/savedsearch_Alert%20-%20syslog%20errors%20last%20hour_11648853" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/captain/jobs/savedsearch_Alert%20-%20syslog%20errors%20last%20hour_11648853" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="ATTEMPT_1"> <s:dict> <s:key name="dispatch_time">1413316800</s:key> <s:key name="errormsg">error response peer=https://wimpy.splunk.com:55560 rc=404 reason='<?xml version="1.0" encoding="UTF-8"?> <response> <messages> <msg type="ERROR">Application does not exist: SA-nix</msg> </messages> </response> '</s:key> <s:key name="peer">99999999-9999-9999-9999-999999999999</s:key> <s:key name="sid">NO_SID_RECEIVED_YET</s:key> <s:key name="success">0</s:key> </s:dict> </s:key> <s:key name="ATTEMPT_2"> <s:dict> <s:key name="dispatch_time">1413316800</s:key> <s:key name="peer">88888888-8888-8888-8888-888888888888</s:key> <s:key name="sid">scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413316800_34_88888888-8888-8888-8888-888888888888</s:key> <s:key name="success">1</s:key> </s:dict> </s:key> ... eai:acl node elided ... <s:key name="job_state">COMPLETED</s:key> <s:key name="saved_search">Alert - syslog errors last hour</s:key> <s:key name="savedsearchtype">savedsearch</s:key> <s:key name="search_app">SA-nix</s:key> <s:key name="search_owner">admin</s:key> </s:dict> </content> </entry> . . . <entry> <title>savedsearch_fired_alerts_1050236433</title> <id>https://localhost:8089/services/shcluster/captain/jobs/savedsearch_fired_alerts_1050236433</id> <updated>2014-10-15T08:47:50-07:00</updated> <link href="/services/shcluster/captain/jobs/savedsearch_fired_alerts_1050236433" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/captain/jobs/savedsearch_fired_alerts_1050236433" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="ATTEMPT_1"> <s:dict> <s:key name="dispatch_time">1413308100</s:key> <s:key name="errormsg">error response peer=https://wimpy.splunk.com:55560 rc=404 reason='<?xml version="1.0" encoding="UTF-8"?> <response> <messages> <msg type="ERROR">Application does not exist: SA-nix</msg> </messages> </response> '</s:key> <s:key name="peer">99999999-9999-9999-9999-999999999999</s:key> <s:key name="sid">NO_SID_RECEIVED_YET</s:key> <s:key name="success">0</s:key> </s:dict> </s:key> <s:key name="ATTEMPT_2"> <s:dict> <s:key name="dispatch_time">1413308100</s:key> <s:key name="peer">88888888-8888-8888-8888-888888888888</s:key> <s:key name="sid">scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413308100_2_88888888-8888-8888-8888-888888888888</s:key> <s:key name="success">1</s:key> </s:dict> </s:key> ... eai:acl node elided ... <s:key name="job_state">COMPLETED</s:key> <s:key name="saved_search">fired_alerts</s:key> <s:key name="savedsearchtype">savedsearch</s:key> <s:key name="search_app">SA-nix</s:key> <s:key name="search_owner">admin</s:key> </s:dict> </content> </entry> </feed>
shcluster/captain/jobs/{name}
https://<host>:<mPort>/services/shcluster/captain/jobs/{name}
GET
Get running and recently finished jobs for {name} cluster.
Request parameters
Pagination and filtering parameters can be used with this method.
Returned values
Name | Description |
---|---|
ATTEMPT_[n] | dispatch_time - The UTC time of dispatch for the job errormsg - If the job failed, capturing the reason for failure peer - GUID of the member that the job was sent to sid - the search id of this attempt success - a boolean for success/failure of the job |
job_state | Job State can be SCHEDULED/DISPATCHED/COMPLETED. A SCHEDULED job has been received by the captain from the scheduler to schedule. A DISPATCHED job has started to run on a remote member. A COMPLETED job has finished running on the remote member. |
saved_search | The name of the saved-search from the associated savedsearches.conf file. |
savedsearchtype | The scheduler manages three kinds of scheduled jobs, regular savedsearch for both realtime and historical, autosummary report acceleration build searches, and tsidx tsidx build searches. |
search_app | The application in which the savedsearch was created. |
search_owner | The owner of the saved search. |
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/shcluster/captain/jobs/scheduled_sample%20scheduled%20search%20for%20dashboards%20%28existing%20job%20case%29%20timechart_12944444515
XML Response
<title>shclustercaptainjobs</title> <id>https://localhost:8089/services/shcluster/captain/jobs</id> <updated>2016-07-22T13:56:18-07:00</updated> <generator build="d6d01722fce508a9e2f032d36d8d6a445b7d6292" version="20160721"/> <author> <name>Splunk</name> </author> <link href="/services/shcluster/captain/jobs/_new" rel="create"/> <link href="/services/shcluster/captain/jobs/_acl" rel="_acl"/> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>scheduled_sample scheduled search for dashboards (existing job case) timechart_1290934515</title> <id>https://localhost:8089/services/shcluster/captain/jobs/scheduled_sample%20scheduled%20search%20for%20dashboards%20%28existing%20job%20case%29%20timechart_1290934515</id> <updated>2016-07-22T13:56:18-07:00</updated> <link href="/services/shcluster/captain/jobs/scheduled_sample%20scheduled%20search%20for%20dashboards%20%28existing%20job%20case%29%20timechart_1294444515" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/captain/jobs/scheduled_sample%20scheduled%20search%20for%20dashboards%20%28existing%20job%20case%29%20timechart_12904444515" rel="list"/> <link href="/services/shcluster/captain/jobs/scheduled_sample%20scheduled%20search%20for%20dashboards%20%28existing%20job%20case%29%20timechart_12909444515" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="dispatch_time">1469214120</s:key> <s:key name="eai:acl"> <s:dict> <s:key name="app"></s:key> <s:key name="can_list">1</s:key> <s:key name="can_write">1</s:key> <s:key name="modifiable">0</s:key> <s:key name="owner">system</s:key> <s:key name="perms"> <s:dict> <s:key name="read"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> <s:key name="write"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> </s:dict> </s:key> <s:key name="removable">0</s:key> <s:key name="sharing">system</s:key> </s:dict> </s:key> <s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list/> </s:key> <s:key name="requiredFields"> <s:list/> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="job_state">COMPLETED</s:key> <s:key name="peer">11111111-1111-1111-1111-111111111111</s:key> <s:key name="peer_scheme_host_port">https://wimpy:13221</s:key> <s:key name="peer_servername">home-1</s:key> <s:key name="saved_search">sample scheduled search for dashboards (existing job case) timechart</s:key> <s:key name="savedsearchtype">scheduled</s:key> <s:key name="search_app">testing</s:key> <s:key name="search_owner">nobody</s:key> <s:key name="sid">scheduler__nobody__testing__RMD5058c22ce2c07889b_at_1469214120_39_11111111-1111-1111-1111-111111111111</s:key> <s:key name="success">1</s:key> </s:dict> </content> </entry>
shcluster/captain/members
https://<host>:<mPort>/services/shcluster/captain/members
Lists the search head cluster members.
GET
List cluster members.
Request parameters
Pagination and filtering parameters can be used with this method.
Returned values
Name | Description |
---|---|
adhoc_searchhead | Flag to indicate if this member does not run scheduled searches. |
advertise_restart_required | Flag to indicate if this peer advertised that it needed a restart. |
artifact_count | Number of artifacts on this peer |
delayed_artifacts_to_discard | List of artifacts waiting to be deleted from this peer. |
fixup_set | N/A |
host_port_pair | The host and management port advertised by this peer. |
kv_store_host_port | Host and port of the kv store instance of this member. |
label | The name for this member. Displayed on the Splunk Web manager page. |
last_heartbeat | Timestamp for last heartbeat recieved from the peer |
peer_scheme_host_port | URI of the current captain. |
pending_job_count | Used by the captain to keep track of pending jobs requested by the captain to this member. |
replication_count | Number of replications this peer is part of, as either source or target. |
replication_port | TCP port to listen for replicated data from another cluster member. |
replication_use_ssl | Indicates whether to use SSL when sending replication data. |
site | N/A |
status | Indicates the status of the member. Possible values are the following.
|
status_counter | Lists the number of buckets on the peer for each bucket status. Possible values are the following.
|
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/shcluster/captain/members
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>shclustercaptainmembers</title> <id>https://localhost:8089/services/shcluster/captain/members</id> <updated>2014-10-15T08:49:34-07:00</updated> <generator build="235980" version="20141014"/> <author> <name>Splunk</name> </author> <link href="/services/shcluster/captain/members/_new" rel="create"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>88888888-8888-8888-8888-888888888888</title> <id>https://localhost:8089/services/shcluster/captain/members/88888888-8888-8888-8888-888888888888</id> <updated>2014-10-15T08:49:34-07:00</updated> <link href="/services/shcluster/captain/members/88888888-8888-8888-8888-888888888888" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/captain/members/88888888-8888-8888-8888-888888888888" rel="list"/> <link href="/services/shcluster/captain/members/88888888-8888-8888-8888-888888888888" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="adhoc_searchhead">0</s:key> <s:key name="advertise_restart_required">0</s:key> <s:key name="artifact_count">4</s:key> <s:key name="delayed_artifacts_to_discard"> <s:list/> </s:key> ... eai:acl node elided ... <s:key name="fixup_set"> <s:list/> </s:key> <s:key name="host_port_pair">localhost:8089</s:key> <s:key name="kv_store_host_port">?</s:key> <s:key name="label">searchhead</s:key> <s:key name="last_heartbeat">1413388171</s:key> <s:key name="peer_scheme_host_port">https://localhost:8089</s:key> <s:key name="pending_job_count">0</s:key> <s:key name="replication_count">0</s:key> <s:key name="replication_port">3456</s:key> <s:key name="replication_use_ssl">0</s:key> <s:key name="site">site2</s:key> <s:key name="status">Up</s:key> <s:key name="status_counter"> <s:dict> <s:key name="Complete">4</s:key> <s:key name="PendingDiscard">0</s:key> </s:dict> </s:key> </s:dict> </content> </entry> <entry> <title>99999999-9999-9999-9999-999999999999</title> <id>https://localhost:8089/services/shcluster/captain/members/99999999-9999-9999-9999-999999999999</id> <updated>2014-10-15T08:49:34-07:00</updated> <link href="/services/shcluster/captain/members/99999999-9999-9999-9999-999999999999" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/captain/members/99999999-9999-9999-9999-999999999999" rel="list"/> <link href="/services/shcluster/captain/members/99999999-9999-9999-9999-999999999999" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="adhoc_searchhead">0</s:key> <s:key name="advertise_restart_required">0</s:key> <s:key name="artifact_count">4</s:key> <s:key name="delayed_artifacts_to_discard"> <s:list/> </s:key> ... eai:acl node elided ... <s:key name="fixup_set"> <s:list/> </s:key> <s:key name="host_port_pair">wimpy.splunk.com:55560</s:key> <s:key name="kv_store_host_port">?</s:key> <s:key name="label">manager</s:key> <s:key name="last_heartbeat">1413388171</s:key> <s:key name="peer_scheme_host_port">https://wimpy.splunk.com:55560</s:key> <s:key name="pending_job_count">0</s:key> <s:key name="replication_count">0</s:key> <s:key name="replication_port">55570</s:key> <s:key name="replication_use_ssl">0</s:key> <s:key name="site">site1</s:key> <s:key name="status">Up</s:key> <s:key name="status_counter"> <s:dict> <s:key name="Complete">4</s:key> <s:key name="NonStreamingTarget">0</s:key> <s:key name="PendingDiscard">0</s:key> </s:dict> </s:key> </s:dict> </content> </entry> </feed>
shcluster/captain/members/{name}
https://<host>:<mPort>/services/shcluster/captain/members/{name}
Get information about the {name} searchhead cluster member.
GET
Get information about the {name} searchhead cluster member.
Request parameters
Pagination and filtering parameters can be used with this method.
Returned values
Name | Description |
---|---|
adhoc_searchhead | Flag to indicate if this member does not run scheduled searches. |
advertise_restart_required | Flag to indicate if this peer advertised that it needed a restart. |
artifact_count | Number of artifacts on this peer. |
delayed_artifacts_to_discard | List of artifacts waiting to be deleted from this peer. |
fixup_set | N/A |
host_port_pair | The host and management port advertised by this peer. |
kv_store_host_port | Host and port of the kv store instance of this member. |
label | The name for this member. Displayed on the Splunk Web manager page. |
last_heartbeat | Timestamp for last heartbeat recieved from the peer |
peer_scheme_host_port | URI of the current captain. |
pending_job_count | Used by the manager to keep track of pending jobs requested by the manager to this peer. |
replication_count | Number of replications this peer is part of, as either source or target. |
replication_port | TCP port to listen for replicated data from another cluster member. |
replication_use_ssl | Indicates whether to use SSL when sending replication data. |
site | N/A |
status | Indicates the status of the member.
Possible values are the following.
|
status_counter | Lists the number of buckets on the peer for each bucket status. Possible values are the following.
|
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8089/services/shcluster/captain/members/33333333-3333-3333-3333-333333333333
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>shclustercaptainmembers</title> <id>https://wimpy:13221/services/shcluster/captain/members</id> <updated>2016-07-22T14:12:50-07:00</updated> <generator build="d6d01722fce508a9e2f032d36d8d6a445b7d6292" version="20160721"/> <author> <name>Splunk</name> </author> <link href="/services/shcluster/captain/members/_new" rel="create"/> <link href="/services/shcluster/captain/members/_acl" rel="_acl"/> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>33333333-3333-3333-3333-333333333333</title> <id>https://localhost:8089/services/shcluster/captain/members/33333333-3333-3333-3333-333333333333</id> <updated>2016-07-22T14:12:50-07:00</updated> <link href="/services/shcluster/captain/members/33333333-3333-3333-3333-333333333333" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/captain/members/33333333-3333-3333-3333-333333333333" rel="list"/> <link href="/services/shcluster/captain/members/33333333-3333-3333-3333-333333333333" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="adhoc_searchhead">0</s:key> <s:key name="advertise_restart_required">0</s:key> <s:key name="artifact_count">6</s:key> <s:key name="delayed_artifacts_to_discard"> <s:list/> </s:key> <s:key name="eai:acl"> <s:dict> <s:key name="app"></s:key> <s:key name="can_list">1</s:key> <s:key name="can_write">1</s:key> <s:key name="modifiable">0</s:key> <s:key name="owner">system</s:key> <s:key name="perms"> <s:dict> <s:key name="read"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> <s:key name="write"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> </s:dict> </s:key> <s:key name="removable">0</s:key> <s:key name="sharing">system</s:key> </s:dict> </s:key> <s:key name="eai:attributes"> <s:dict> <s:key name="optionalFields"> <s:list> <s:item>advertise_restart_required</s:item> <s:item>advertise_restart_required_reason</s:item> <s:item>alert_csv</s:item> <s:item>alert_csv_epoch</s:item> <s:item>artifacts_location_csv</s:item> <s:item>completed_summaries</s:item> <s:item>last_oaep</s:item> <s:item>last_osep</s:item> <s:item>partial_alert_delta</s:item> <s:item>partial_suppression_delta</s:item> <s:item>peer_load_stats_gla_15m</s:item> <s:item>peer_load_stats_gla_1m</s:item> <s:item>peer_load_stats_gla_5m</s:item> <s:item>peer_load_stats_max_runtime</s:item> <s:item>peer_load_stats_num_autosummary</s:item> <s:item>peer_load_stats_num_historical</s:item> <s:item>peer_load_stats_num_realtime</s:item> <s:item>peer_load_stats_num_running</s:item> <s:item>peer_load_stats_total_runtime</s:item> <s:item>peer_pid</s:item> <s:item>scheduler_disabled</s:item> <s:item>suppression_csv</s:item> <s:item>suppression_csv_epoch</s:item> </s:list> </s:key> <s:key name="requiredFields"> <s:list> <s:item>last_artifact_log_entry_processed</s:item> <s:item>last_si_entry_processed</s:item> <s:item>mgmt_port</s:item> <s:item>peer_load_stats</s:item> <s:item>queue_blocked_count</s:item> </s:list> </s:key> <s:key name="wildcardFields"> <s:list/> </s:key> </s:dict> </s:key> <s:key name="fixup_set"> <s:list/> </s:key> <s:key name="host_port_pair">wimpy:13223</s:key> <s:key name="is_captain">0</s:key> <s:key name="kv_store_host_port">wimpy:18323</s:key> <s:key name="label">wimpy-3</s:key> <s:key name="last_heartbeat">1469221966</s:key> <s:key name="mgmt_uri">https://wimpy:13223</s:key> <s:key name="no_artifact_replications">0</s:key> <s:key name="peer_scheme_host_port">https://wimpy:13223</s:key> <s:key name="pending_job_count">0</s:key> <s:key name="preferred_captain">1</s:key> <s:key name="replication_count">0</s:key> <s:key name="replication_port">12243</s:key> <s:key name="replication_use_ssl">0</s:key> <s:key name="site">default</s:key> <s:key name="status">Up</s:key> <s:key name="status_counter"> <s:dict> <s:key name="Complete">6</s:key> <s:key name="NonStreamingTarget">0</s:key> <s:key name="PendingDiscard">0</s:key> </s:dict> </s:key> </s:dict> </content> </entry> </feed>
shcluster/config
https://<host>:<mPort>/services/shcluster/config
List search head cluster node configuration.
GET
List search head cluster node configuration.
Request parameters
Pagination and filtering parameters can be used with this method.
Returned values
Name | Description |
---|---|
cxn_timeout | Low-level timeout, in seconds, for establishing connection between searchhead cluster nodes. Defaults to 60 seconds. |
disabled | Indicates if this node is disabled. |
heartbeat_period | Only valid for member nodes in a searchhead cluster. The time, in seconds, that a member attempts to send a heartbeat to the captain |
heartbeat_timeout | Only valid for the captain node in a searchhead cluster configuration. The time, in seconds, before a captain considers a member down. Once a member is down, the captain initiates steps to replicate artifacts from the dead member to its live members. Defaults to 60 seconds. |
id | Id of the SH cluster this member is a part of. |
max_peer_rep_load | Maximum number of replications that can be ongoing as a target. |
mode | Valid values: (disabled, member, captain, dynamic_captain) Defaults to disabled. Multiple values are permitted.
Sets operational mode for this searchhead cluster node. Only one captain may exist per searchhead cluster. |
percent_peers_to_restart | Percentage of peers to restart at the same time when doing a rolling restart. |
ping_flag | For internal use to facilitate communication between the captain and members. |
quiet_period | The time, in seconds, that a captain waits for members to add themselves to the searchhead cluster. |
rcv_timeout | Low-level timeout, in seconds, for receiving data between searchhead cluster nodes. Defaults to 60 seconds. |
register_replication_address | Valid only for nodes configured as members. The address on which a member is available for accepting replication data. This is useful in the cases where a member host machine has multiple interfaces and only one of them can be reached by another splunkd instance. |
rep_cxn_timeout | Low-level timeout, in seconds, for establishing a connection for replicating data. |
rep_max_rcv_timeout | Maximum cumulative time, in seconds, for receiving acknowledgement data from members. Defaults to 600s. |
rep_max_send_timeout | Maximum time, in seconds, for sending replication slice data between searchhead cluster nodes. Defaults to 600s. |
rep_rcv_timeout | Low-level timeout, in seconds, for receiving data between searchhead cluster nodes. |
rep_send_timeout | Low-level timeout, in seconds, for sending replication data between searchhead cluster nodes. Defaults to 5 seconds. |
replication_factor | Only valid for nodes configured as a captain.
Determines how many copies of raw data are created in the searchhead cluster. This could be less than the number of searchhead cluster members. Must be greater than 0 and greater than or equal to the search factor. Defaults to 3. |
replication_port | TCP port to listen for replicated data from another searchhead cluster member. |
replication_use_ssl | Indicates whether to use SSL when sending replication data. |
restart_timeout | Only valid for nodes configured as a captain. The amount of time, in seconds, the captain waits for a member to come back when the member is restarted (to avoid the overhead of trying to fix the artifacts that were on the member). Defaults to 600 seconds.
Note: This only works if the member is restarted from Splunk Web. |
secret | Secret shared among the nodes in the searchhead cluster to prevent any arbitrary node from connecting to the searchhead cluster. If a member or searchhead is not configured with the same secret as the captain, it is not able to communicate with the captain.
Corresponds to pass4SymmKey setting in server.conf. |
send_timeout | Low-level timeout, in seconds, for sending data between searchhead cluster nodes. Defaults to 60 seconds. |
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8189/services/shcluster/config
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>shclusterconfig</title> <id>https://localhost:8089/services/shcluster/config</id> <updated>2014-10-15T08:50:47-07:00</updated> <generator build="235980" version="20141014"/> <author> <name>Splunk</name> </author> <link href="/services/shcluster/config/_reload" rel="_reload"/> ... opensearch nodes elided ... <s:messages/> <entry> <title>config</title> <id>https://localhost:8089/services/shcluster/config/config</id> <updated>2014-10-15T08:50:47-07:00</updated> <link href="/services/shcluster/config/config" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/config/config" rel="list"/> <link href="/services/shcluster/config/config/_reload" rel="_reload"/> <link href="/services/shcluster/config/config" rel="edit"/> <link href="/services/shcluster/config/config/disable" rel="disable"/> <content type="text/xml"> <s:dict> <s:key name="cxn_timeout">60</s:key> <s:key name="disabled">0</s:key> ... eai:acl node elided ... <s:key name="heartbeat_period">5</s:key> <s:key name="heartbeat_timeout">60</s:key> <s:key name="id">BB3116C0-73B9-459A-B473-254A18A69776</s:key> <s:key name="max_peer_rep_load">5</s:key> <s:key name="mode">dynamic_captain</s:key> <s:key name="percent_peers_to_restart">10</s:key> <s:key name="ping_flag">1</s:key> <s:key name="quiet_period">60</s:key> <s:key name="rcv_timeout">60</s:key> <s:key name="register_replication_address"></s:key> <s:key name="rep_cxn_timeout">60</s:key> <s:key name="rep_max_rcv_timeout">600</s:key> <s:key name="rep_max_send_timeout">600</s:key> <s:key name="rep_rcv_timeout">60</s:key> <s:key name="rep_send_timeout">60</s:key> <s:key name="replication_factor">2</s:key> <s:key name="replication_port">3456</s:key> <s:key name="replication_use_ssl">0</s:key> <s:key name="restart_timeout">60</s:key> <s:key name="secret">********</s:key> <s:key name="send_timeout">60</s:key> </s:dict> </content> </entry> </feed>
shcluster/config/config
https://<host>:<mPort>/services/shcluster/config/config
Configure search head cluster members.
POST
Configure search head cluster members.
Request parameters
Name | Type | Description |
---|---|---|
rolling_restart | String | Sets the mode for search head cluster rolling restart. Options include:
|
decommission_search_jobs_wait_secs | Integer | Specifies the amount of time, in seconds, that a search head cluster member waits for existing searches to complete before restarting. Default: 180 secs. |
manual_detention | Use one of the following values:
|
Specifies whether to put the cluster member in manual detention. |
target_uri | String | Specifies the target node you want to put in manual detention. |
Returned values
None
Example request and response
XML Request
curl -k -u admin:changed https://10.140.127.233:8089/services/shcluster/config/config -d rolling_restart=searchable -d decommission_search_jobs_wait_secs=120
XML Response
http://docs.splunk.com/Documentation/Splunk/7.2.0/RESTREF/RESTcluster
Example request and response for manual detention of a cluster member
XML Request
curl -k -u admin:changedpwd https://fool01.sv.splunk.com:8095/services/shcluster/config/config -d manual_detention=on -d target_uri=https://test.sv.splunk.com:8080
XML Response
<title>shclusterconfig</title> <id>https://10.140.127.233:8089/services/shcluster/config</id> <updated>2018-04-02T16:16:08-07:00</updated> <generator build="6a9fda63434" version="7.1.0"/> <author> <name>Splunk</name> </author> <link href="/services/shcluster/config/_reload" rel="_reload"/> <link href="/services/shcluster/config/_acl" rel="_acl"/> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/>
shcluster/member/artifacts
https://<host>:<mPort>/services/shcluster/member/artifacts
Manage searchhead cluster member artifact configuration.
GET
List searchhead cluster members artifact configuration.
Request parameters
Pagination and filtering parameters can be used with this method.
Returned values
For each member:
Name | Description |
---|---|
status | Indicates the status of this artifact. Possible values are as follows.
|
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8189/services/shcluster/member/artifacts
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>shclustermemberartifacts</title> <id>https://localhost:8089/services/shcluster/member/artifacts</id> <updated>2014-10-15T08:51:46-07:00</updated> <generator build="235980" version="20141014"/> <author> <name>Splunk</name> </author> ... opensearch nodes elided ... <s:messages/> <entry> <title>scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413381600_268_88888888-8888-8888-8888-888888888888</title> <id>https://localhost:8089/services/shcluster/member/artifacts/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413381600_268_88888888-8888-8888-8888-888888888888</id> <updated>2014-10-15T08:51:46-07:00</updated> <link href="/services/shcluster/member/artifacts/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413381600_268_88888888-8888-8888-8888-888888888888" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/member/artifacts/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413381600_268_88888888-8888-8888-8888-888888888888" rel="list"/> <link href="/services/shcluster/member/artifacts/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413381600_268_88888888-8888-8888-8888-888888888888" rel="remove"/> <content type="text/xml"> <s:dict> ... eai:acl node elided ... <s:key name="status">Complete</s:key> </s:dict> </content> </entry> <entry> <title>scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413385200_281_88888888-8888-8888-8888-888888888888</title> <id>https://localhost:8089/services/shcluster/member/artifacts/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413385200_281_88888888-8888-8888-8888-888888888888</id> <updated>2014-10-15T08:51:46-07:00</updated> <link href="/services/shcluster/member/artifacts/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413385200_281_88888888-8888-8888-8888-888888888888" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/member/artifacts/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413385200_281_88888888-8888-8888-8888-888888888888" rel="list"/> <link href="/services/shcluster/member/artifacts/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413385200_281_88888888-8888-8888-8888-888888888888" rel="remove"/> <content type="text/xml"> <s:dict> ... eai:acl node elided ... <s:key name="status">Complete</s:key> </s:dict> </content> </entry> <entry> <title>scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413387900_290_88888888-8888-8888-8888-888888888888</title> <id>https://localhost:8089/services/shcluster/member/artifacts/scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413387900_290_88888888-8888-8888-8888-888888888888</id> <updated>2014-10-15T08:51:46-07:00</updated> <link href="/services/shcluster/member/artifacts/scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413387900_290_88888888-8888-8888-8888-888888888888" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/member/artifacts/scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413387900_290_88888888-8888-8888-8888-888888888888" rel="list"/> <link href="/services/shcluster/member/artifacts/scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413387900_290_88888888-8888-8888-8888-888888888888" rel="remove"/> <content type="text/xml"> <s:dict> ... eai:acl node elided ... <s:key name="status">Complete</s:key> </s:dict> </content> </entry> <entry> <title>scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413388200_291_88888888-8888-8888-8888-888888888888</title> <id>https://localhost:8089/services/shcluster/member/artifacts/scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413388200_291_88888888-8888-8888-8888-888888888888</id> <updated>2014-10-15T08:51:46-07:00</updated> <link href="/services/shcluster/member/artifacts/scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413388200_291_88888888-8888-8888-8888-888888888888" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/member/artifacts/scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413388200_291_88888888-8888-8888-8888-888888888888" rel="list"/> <link href="/services/shcluster/member/artifacts/scheduler__admin_U0Etbml4__RMD5b9b800e209365567_at_1413388200_291_88888888-8888-8888-8888-888888888888" rel="remove"/> <content type="text/xml"> <s:dict> ... eai:acl node elided ... <s:key name="status">Complete</s:key> </s:dict> </content> </entry> </feed>
shcluster/member/artifacts/{name}
https://<host>:<mPort>/services/shcluster/member/artifacts/{name}
Get {name} member artifact configuration.
GET
List {name} member artifact information.
Request parameters
Pagination and filtering parameters can be used with this method.
Returned values
Name | Description |
---|---|
status | Indicates the status of this artifact. Possible values are as follows.
|
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8189/services/shcluster/member/artifacts/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413518400_762_88888888-8888-8888-8888-888888888888
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>shclustermemberartifacts</title> <id>https://localhost:8089/services/shcluster/member/artifacts</id> <updated>2014-10-16T22:33:37-07:00</updated> <generator build="235980" version="20141014"/> <author> <name>Splunk</name> </author> ... opensearch nodes elided ... <s:messages/> <entry> <title>scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413518400_762_88888888-8888-8888-8888-888888888888</title> <id>https://wimpy.splunk.com:55569/services/shcluster/member/artifacts/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413518400_762_88888888-8888-8888-8888-888888888888</id> <updated>2014-10-16T22:33:37-07:00</updated> <link href="/services/shcluster/member/artifacts/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413518400_762_88888888-8888-8888-8888-888888888888" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/member/artifacts/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413518400_762_88888888-8888-8888-8888-888888888888" rel="list"/> <link href="/services/shcluster/member/artifacts/scheduler__admin_U0Etbml4__RMD592d31e53ed62579e_at_1413518400_762_88888888-8888-8888-8888-888888888888" rel="remove"/> <content type="text/xml"> <s:dict> ... eai:acl node elided ... ... eai:attributes node elided ... <s:key name="status">Complete</s:key> </s:dict> </content> </entry> </feed>
shcluster/member/control/control/set_manual_detention
https://<host>:<mPort>//services/shcluster/member/control/control/set_manual_detention
Put the search head cluster member in manual detention mode or take the search head cluster member out of this mode. When a search head cluster member is in manual detention, it does not accept new search jobs, including both scheduled and ad-hoc searches. Existing search jobs run to completion. It also participates in cluster administration operations with the exception of artifact replication.
POST
Adjust search head manual detention mode.
Request parameters
Name | Type | Description |
---|---|---|
manual_detention | Use one of the following values.
|
Enable or disable manual detention. |
Returned values
None
Example request and response
XML Request
curl -u admin:password -k https://localhost:8089/servicesNS/admin/search/shcluster/member/control/control/set_manual_detention -d manual_detention=on
XML Response
<title>shclustermembercontrol</title> <id>https://localhost:8089/servicesNS/admin/search/shcluster/member/control</id> <updated>2018-03-28T08:04:28-07:00</updated> <generator build="5fbc8cfc742f" version="7.2.0"/> <author> <name>Splunk</name> </author> <link href="/servicesNS/admin/search/shcluster/member/control/_acl" rel="_acl"/> <opensearch:totalResults>0</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/>
shcluster/member/consensus
https://<host>:<mPort>/services/shcluster/member/consensus
Get latest cluster configuration from the raft consensus protocol.
GET
Get latest cluster configuration from the raft consensus protocol.
Request parameters
Pagination and filtering parameters can be used with this method.
Returned values
These values are returned for each member.
Name | Description |
---|---|
configuration_id | Unique id for this configuration. |
servers_list | Comma-separated list of members that are part of the cluster. Each member is listed as scheme://host:port |
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8189/services/shcluster/member/consensus
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>shclustermemberconsensus</title> <id>https://localhost:8089/services/shcluster/member/consensus</id> <updated>2014-10-15T08:52:28-07:00</updated> <generator build="235980" version="20141014"/> <author> <name>Splunk</name> </author> ... opensearch nodes elided ... <s:messages/> <entry> <title>shc_cluster_configuration</title> <id>https://localhost:8089/services/shcluster/member/consensus/shc_cluster_configuration</id> <updated>2014-10-15T08:52:28-07:00</updated> <link href="/services/shcluster/member/consensus/shc_cluster_configuration" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/member/consensus/shc_cluster_configuration" rel="list"/> <link href="/services/shcluster/member/consensus/shc_cluster_configuration" rel="edit"/> <content type="text/xml"> <s:dict> <s:key name="configuration_id">4</s:key> ... eai:acl node elided ... <s:key name="servers_list">https://localhost:55560,https://localhost:55569</s:key> </s:dict> </content> </entry> </feed>
shcluster/member/info
https://<host>:<mPort>/services/shcluster/member/info
Access searchhead cluster member node information.
GET
List member information.
Request parameters
Pagination and filtering parameters can be used with this method.
Returned values
These values are returned for each member.
Name | Description |
---|---|
active_historical_search_count | Number of currently running historical searches. |
active_realtime_search_count | Number of currently running realtime searches. |
adhoc_searchhead | Flag that indicates if this member can run scheduled searches. |
is_registered | Indicates if this member is registered with the searchhead cluster captain. |
last_heartbeat_attempt | Timestamp for the last attempt to contact the captain. |
maintenance_mode | N/A |
peer_load_stats_gla_15m | Number of scheduled searches run in the last 15 minutes. |
peer_load_stats_gla_1m | Number of scheduled searches run in the last one minute. |
peer_load_stats_gla_5m | Number of scheduled searches run in the last five minutes. |
peer_load_stats_max_runtime | N/A |
peer_load_stats_num_autosummary | N/A |
peer_load_stats_num_historical | N/A |
peer_load_stats_num_realtime | N/A |
peer_load_stats_num_running | N/A |
peer_load_stats_total_runtime | N/A |
restart_state | Indicates whether the member needs to be restarted to enable its searchhead cluster configuration. |
status | Indicates the status of the member. Possible values are as follows.
|
Example request and response
XML Request
curl -k -u admin:pass https://localhost:8189/services/shcluster/member/info
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>shclustermemberinfo</title> <id>https://10.222.21.58:8089/services/shcluster/member/info</id> <updated>2018-03-29T12:05:35-07:00</updated> <generator build="d75793dbca24" version="7.1.0"/> <author> <name>Splunk</name> </author> <link href="/services/shcluster/member/info/_acl" rel="_acl"/> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>member</title> <id>https://10.222.21.58:8089/services/shcluster/member/info/member</id> <updated>1969-12-31T16:00:00-08:00</updated> <link href="/services/shcluster/member/info/member" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/member/info/member" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="active_historical_search_count">0</s:key> <s:key name="active_realtime_search_count">0</s:key> <s:key name="adhoc_searchhead">0</s:key> <s:key name="eai:acl"> <s:dict> <s:key name="app"></s:key> <s:key name="can_list">1</s:key> <s:key name="can_write">1</s:key> <s:key name="modifiable">0</s:key> <s:key name="owner">system</s:key> <s:key name="perms"> <s:dict> <s:key name="read"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> <s:key name="write"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> </s:dict> </s:key> <s:key name="removable">0</s:key> <s:key name="sharing">system</s:key> </s:dict> </s:key> <s:key name="is_registered">1</s:key> <s:key name="last_heartbeat_attempt">1522350335</s:key> <s:key name="maintenance_mode">0</s:key> <s:key name="no_artifact_replications">0</s:key> <s:key name="peer_load_stats_gla_15m">0</s:key> <s:key name="peer_load_stats_gla_1m">0</s:key> <s:key name="peer_load_stats_gla_5m">0</s:key> <s:key name="peer_load_stats_max_runtime">0</s:key> <s:key name="peer_load_stats_num_autosummary">0</s:key> <s:key name="peer_load_stats_num_historical">0</s:key> <s:key name="peer_load_stats_num_realtime">0</s:key> <s:key name="peer_load_stats_num_running">0</s:key> <s:key name="peer_load_stats_total_runtime">0</s:key> <s:key name="restart_state">NoRestart</s:key> <s:key name="status">ManualDetention</s:key> </s:dict> </content> </entry> </feed>
shcluster/status
https://<host>:<mPort>/services/shcluster/status
Performs health checks to determine search head cluster health status, prior to a rolling upgrade or rolling restart.
Authentication and Authorization
Requires the admin
role or list_search_head_clustering
capability.
GET
Get search head cluster health status information .
Request parameters
Name | Type | Description |
---|---|---|
advanced | Boolean | Lists search head cluster status information in a verbose manner. |
Returned values
These values are returned for each member.
Node | Name | Datatype | Description |
---|---|---|---|
Captain | decommission_search_jobs_wait_secs | Integer | Determines the maximum time, in seconds, that a member waits for search jobs to complete before it transitions to the down or GracefulShutdown state. |
dynamic_captain | Boolean | If true (1), then the captain is selected by elections. If false (0), then a static captain (no elections) is assigned. | |
elected_captain | String | The time when new captain is elected. | |
id | String | Specifies the search head cluster GUID. | |
initialized_flag | Boolean | Indicates if the captain is initialized. | |
label | String | Specifies the search head cluster label. | |
max_failures_to_keep_majority | Boolean | Indicates how many more nodes can be down to keep majority. | |
mgmt_uri | String | Specifies the URI and management port for the captain. | |
min_peers_joined_flag | Boolean | min_peers_joined_flag is true when there are at least as many search head peers as the replication_factor. | |
rolling_restart | String | Shows the restart mode, either restart or searchable. | |
rolling_restart_flag | Boolean | rolling_restart_flag is true when a rolling restart is in progress. | |
rolling_upgrade_flag | Boolean | rolling_upgrade_flag is true when a rolling upgrade is in progress. | |
service_ready_flag | Boolean | service_ready_flag is true when everything is up and running as expected and "ready to go!" | |
stable_captain | Boolean | Indicates stable captain based on heartbeat. | |
Member | label | String | Specifies the search head label. |
last_conf_replication | String | Specifies when the member last pulled a set of configurations from the captain. | |
manual_detention | String | Indicates if the member is in manual detention. Use off or on. | |
mgmt_uri | String | Specifies the URI and management port for the member. | |
mgmt_uri_alias | String | Specifies the URI and management port for the member. | |
out_of_sync_node | Boolean | out_of_sync_node is true when the member is out of sync. | |
preferred_captain | Boolean | Indicates the member's preference for captaincy. | |
restart_required | Boolean | restart_required is true when member requests a restart | |
splunk_version | String | Splunk version running on the search head. | |
status | String | Indicates the current status of the member. |
Example request and response
XML Request
curl -k -u admin:changed123 https://localhost:8089/services/shcluster/status?advanced=1?
XML Response
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"> <title>shclusterstatus</title> <id>https://10.222.21.58:8089/services/shcluster/status</id> <updated>2018-03-29T12:00:50-07:00</updated> <generator build="d75793dbca24" version="7.1.0"/> <author> <name>Splunk</name> </author> <link href="/services/shcluster/status/_acl" rel="_acl"/> <opensearch:totalResults>1</opensearch:totalResults> <opensearch:itemsPerPage>30</opensearch:itemsPerPage> <opensearch:startIndex>0</opensearch:startIndex> <s:messages/> <entry> <title>status</title> <id>https://10.222.21.58:8089/services/shcluster/status/status</id> <updated>1969-12-31T16:00:00-08:00</updated> <link href="/services/shcluster/status/status" rel="alternate"/> <author> <name>system</name> </author> <link href="/services/shcluster/status/status" rel="list"/> <content type="text/xml"> <s:dict> <s:key name="captain"> <s:dict> <s:key name="dynamic_captain">1</s:key> <s:key name="elected_captain">Thu Mar 29 11:58:04 2018</s:key> <s:key name="id">93E0DBE8-A435-462F-BF7D-6297C9D9F939</s:key> <s:key name="initialized_flag">1</s:key> <s:key name="label">ip-10-222-21-58</s:key> <s:key name="mgmt_uri">https://10.222.21.58:8089</s:key> <s:key name="min_peers_joined_flag">1</s:key> <s:key name="rolling_restart_flag">0</s:key> <s:key name="service_ready_flag">1</s:key> </s:dict> </s:key> <s:key name="eai:acl"> <s:dict> <s:key name="app"></s:key> <s:key name="can_list">1</s:key> <s:key name="can_write">1</s:key> <s:key name="modifiable">0</s:key> <s:key name="owner">system</s:key> <s:key name="perms"> <s:dict> <s:key name="read"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> <s:key name="write"> <s:list> <s:item>admin</s:item> <s:item>splunk-system-role</s:item> </s:list> </s:key> </s:dict> </s:key> <s:key name="removable">0</s:key> <s:key name="sharing">system</s:key> </s:dict> </s:key> <s:key name="peers"> <s:dict> <s:key name="2EF65F8B-2689-4A77-B056-E824B2FEB0CA"> <s:dict> <s:key name="label">ip-10-222-25-57</s:key> <s:key name="last_conf_replication">Thu Mar 29 12:00:49 2018</s:key> <s:key name="mgmt_uri">https://10.222.25.57:8089</s:key> <s:key name="mgmt_uri_alias">https://10.222.25.57:8089</s:key> <s:key name="status">Up</s:key> </s:dict> </s:key> <s:key name="48E93CC7-9A2D-40BE-BAF5-EB9C87200FA5"> <s:dict> <s:key name="label">ip-10-222-31-70</s:key> <s:key name="last_conf_replication">Thu Mar 29 12:00:46 2018</s:key> <s:key name="mgmt_uri">https://10.222.31.70:8089</s:key> <s:key name="mgmt_uri_alias">https://10.222.31.70:8089</s:key> <s:key name="status">Up</s:key> </s:dict> </s:key> <s:key name="F8AB4ECE-F14A-415E-AEBE-9BC87216D056"> <s:dict> <s:key name="label">ip-10-222-21-58</s:key> <s:key name="mgmt_uri">https://10.222.21.58:8089</s:key> <s:key name="mgmt_uri_alias">https://10.222.21.58:8089</s:key> <s:key name="status">Up</s:key> </s:dict> </s:key> </s:dict> </s:key> </s:dict> </content> </entry> </feed>
upgrade/shc/recovery
https://<host>:<mPort>/services/upgrade/shc/recovery
Return search head cluster to ready state after automated rolling upgrade failure.
Authentication and Authorization
Requires admin role or another role containing these capabilties:
- upgrade_splunk_shc
- list_search_head_clustering
- list_settings
- use_remote_proxy
POST
Return SHC to ready state after automated rolling upgrade failure.
Request parameters
None
Returned values
Name | Type | Description |
---|---|---|
status | String | Status of HTTP request. For example, "succeeded" or "failed" |
Example request and response
JSON Request
curl -X POST -u admin:pass -k https://localhost:8089/services/upgrade/shc/recovery?output_mode=json
JSON Response
{ "updated":"2022-11-24T17:36:20+0000", "author":"Splunk", "layout":"props", "entry":[ { "title":"recovery", "id":"/services/upgrade/shc/recovery", "updated":"2022-11-24T17:36:20+0000", "links":{ "alternate":{ "href":"shc/recovery" } }, "content":{ "message":"Instance recovered successfully", "status":"succeeded" } } ] }
upgrade/shc/status
https://<host>:<mPort>/services/upgrade/shc/status
Check the status of an automated search head cluster rolling upgrade.
Authentication and Authorization
Requires admin role or another role containing these capabilities:
- upgrade_splunk_shc
- list_search_head_clustering
- list_settings
- use_remote_proxy
GET
Check the status of automated SHC rolling upgrade.
Request parameters
None
Returned values
Name | Type | Description |
---|---|---|
upgrade status | String | Status of automated rollling upgrade for entire clutser. |
peers_to_upgrade | Number | The total number of cluster members to upgrade. |
overall_peers_upgraded | Number | The number of cluster members upgraded at present. |
overall_peers_upgraded_percentage | Number | The percentage of total cluster members upgraded at present. |
name | String | The name of the individual cluster member. |
status | String | Upgrade status of the individual cluster member. |
last_modified | String | Date and time the individual cluster member was modified. |
Example request and response
JSON Request
curl -u admin:pass -k https://localhost:8089/services/upgrade/shc/status?output_mode=json
JSON Response
{ "updated":"2022-11-24T17:33:28+0000", "author":"Splunk", "layout":"props", "entry":[ { "title":"status", "id":"/services/upgrade/shc/status", "updated":"2022-11-24T17:33:28+0000", "links":{ "alternate":{ "href":"shc/status" } }, "content":{ "message":{ "upgrade_status":"completed", "statistics":{ "peers_to_upgrade":3, "overall_peers_upgraded":3, "overall_peers_upgraded_percentage":100 }, "peers":[ { "name":"sh2", "status":"upgraded", "last_modified":"Thu Nov 24 17:29:41 2022" }, { "name":"sh1", "status":"upgraded", "last_modified":"Thu Nov 24 17:28:07 2022" }, { "name":"sh3", "status":"upgraded", "last_modified":"Thu Nov 24 17:31:15 2022" } ] } } } ] }
upgrade/shc/upgrade
https://<host>:<mPort>/services/upgrade/shc/upgrade
Initiate an automated rolling upgrade of a search head cluster.
Authentication and Authorization
Requires admin role or another role containing these capabilities:
- upgrade_splunk_shc
- list_search_head_clustering
- list_settings
- use_remote_proxy
POST
Initiate automated SHC rolling upgrade.
Request parameters
None
Returned values
Name | Type | Description |
---|---|---|
status | String | Status of HTTP request. For example, "succeeded" or "failed". |
Example request and response
JSON Request
curl -X POST -u admin:pass -k https://localhost:8089/services/upgrade/shc/upgrade?output_mode=json
JSON Response
{ "updated":"2022-11-24T17:25:54+0000", "author":"Splunk", "layout":"props", "entry":[ { "title":"upgrade", "id":"/services/upgrade/shc/upgrade", "updated":"2022-11-24T17:25:54+0000", "links":{ "alternate":{ "href":"shc/upgrade" } }, "content":{ "message":"Upgrade initiated", "status":"succeeded" } } ] }
Application endpoint descriptions | Configuration endpoint descriptions |
This documentation applies to the following versions of Splunk® Enterprise: 9.4.0
Feedback submitted, thanks!