Splunk® Phantom (Legacy)

Install and Upgrade Splunk Phantom

Run make_cluster_node.pyc

Use the make_cluster_node.pyc script to configure an installed Splunk Phantom instance into a node of a cluster. This script stores the bulk of required configuration information from the PostgreSQL database.

Before running make_cluster_node, make sure that all the required services are working, either as external services or as a Shared Services server.

Collect the required information

You need this information to answer prompts for make_cluster_node.

  • IP addresses or hostnames for:
    • PostgreSQL 9.5 server
    • HAProxy server and the port that the HAProxy server uses to accept HTTPS connections
    • GlusterFS server
    • Splunk Enterprise instance REST port
    • Splunk Enterprise instance HTTP Event Collector port
  • User names, passwords, tokens, or SSH key information for:
    • pgbouncer PostgreSQL database user
    • postgres PostgreSQL database user
    • login password for the HAProxy server, unless it uses an SSH key
    • Splunk Phantom username and password for the install being converted
    • Splunk Enterprise user with phantomsearch permissions
    • Splunk Enterprise user with phantomdelete permissions
    • Splunk Enterprise HTTP Event Collector token

Create a Splunk Phantom node

Once you have either a Shared Services server or external services established, you convert installations of Splunk Phantom into cluster nodes.

Privileged installation

On a privileged installation, such as a virtual machine image or an RPM installation, run the make_cluster_node.pyc script as root or as a user with sudo permissions.

  1. Run the make_cluster_node.pyc script.
    /opt/phantom/bin/phenv python /opt/phantom/bin/make_cluster_node.pyc --responses /path/to/mcn_responses.json
    

    You don't have to use mcn_responses.json. If you do not supply a JSON file, the script prompts you for the information it needs. The mcn_responses.json file contains secrets such as usernames and passwords in plain text. Store it in a secure location or delete it after the cluster configuration is complete.

  2. For each other node, run the script without arguments.
    /opt/phantom/bin/phenv python /opt/phantom/bin/make_cluster_node.pyc

Unprivileged installation

On an unprivileged installation you must first change to the directory where Splunk Phantom is installed.

  1. Change to the Splunk Phantom home directory.
    cd <phantom_install_dir>/bin/
  2. Run make_cluster_node.pyc using python.
    phenv python ./make_cluster_node.pyc --responses /path/to/mcn_responses.json

    You don't have to use mcn_responses.json. If you do not supply a JSON file, the script prompts you for the information it needs. The mcn_responses.json file contains secrets such as usernames and passwords in plain text. Store it in a secure location or delete it after the cluster configuration is complete.
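Because mcn_responses.json holds credentials in plain text, the following wrapper refuses to use the file unless only its owner can read it, and deletes it once make_cluster_node.pyc exits successfully. It is an added example, not part of the Splunk Phantom distribution; the function names and the PHANTOM_BIN variable are hypothetical, and it assumes the responses file is owned by the user who runs the script.

```shell
#!/bin/sh
# Added example, not part of the Splunk Phantom distribution.
# Assumption: the responses file is owned by the user who runs the script.
# PHANTOM_BIN is a hypothetical variable; on an unprivileged installation
# set it to <phantom_install_dir>/bin.
PHANTOM_BIN=${PHANTOM_BIN:-/opt/phantom/bin}

# Return 0 only if the file is a regular file (not a symlink), owned by the
# invoking user, with no group or other permission bits set.
check_responses_file() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "not a regular file: $f" >&2
        return 1
    fi
    meta=$(ls -ldn -- "$f") || return 1
    perms=$(printf '%s\n' "$meta" | awk '{print $1}')
    owner=$(printf '%s\n' "$meta" | awk '{print $3}')
    if [ "$owner" != "$(id -u)" ]; then
        echo "$f is owned by uid $owner, not $(id -u)" >&2
        return 1
    fi
    # Mode string layout: type, 3 owner bits, 3 group bits, 3 other bits.
    case $perms in
        -???------*) return 0 ;;
    esac
    echo "$f is accessible to group or other ($perms); run: chmod 600 $f" >&2
    return 1
}

# Check the file, run make_cluster_node.pyc with it, and delete the file
# only after the script has exited successfully.
run_with_responses() {
    check_responses_file "$1" || return 1
    "$PHANTOM_BIN/phenv" python "$PHANTOM_BIN/make_cluster_node.pyc" \
        --responses "$1" || return $?
    rm -f -- "$1"
}

# Usage: run_with_responses /path/to/mcn_responses.json
```

If the script fails, the file is left in place so the run can be repeated; remove it by hand once the cluster configuration is complete.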

Last modified on 14 September, 2021

This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.8, 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7

