Splunk® Phantom (Legacy)

Administer Splunk Phantom

Splunk Phantom 4.10.7 is the final release of Splunk's Security Orchestration, Automation, and Response (SOAR) system to be called Splunk Phantom. All later versions are named Splunk SOAR (On-premises). For more information, see the Splunk SOAR (On-premises) documentation.

View cluster status and enable or disable a cluster

Use the Clustering page to see the status of your Splunk Phantom clusters, enable or disable a cluster, or add nodes. See Install and Upgrade Splunk Phantom for information about setting up a cluster.

Perform the following steps to access the Clustering page:

  1. From the main menu, select Administration.
  2. Select Product Settings > Clustering.

A status of online means that the cluster node is up and running.

Disable a node by toggling the switch next to Enabled so that it is in the off position.

Click View to see the system health for that specific node. See View the health of your Splunk Phantom system to read more about the system health view for cluster nodes.

Last modified on 27 January, 2020

This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.8, 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7

