Splunk® Enterprise

Managing Indexers and Clusters of Indexers

Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Configure and manage the indexer cluster with the CLI

You can use the CLI to perform a wide set of indexer cluster activities, including:

Some clustering commands are available only for a specific node type, such as the master node.

Enable cluster nodes

You can enable instances as cluster nodes with the splunk edit cluster-config command. After enabling an instance, you must restart it.

This topic discusses some issues that are common to all node types. For specific instructions for each node type, see:

For details on the specific command-line options, read "Configure the indexer cluster with server.conf".

For multisite cluster configurations, also read "Configure multisite indexer clusters with the CLI".

Example configuration

To enable an instance as a master node, set mode to "master" and configure other cluster options as needed:

splunk edit cluster-config -mode master -replication_factor 4 -search_factor 3 

splunk restart

Peer node and search head configuration are similar.

Specify a security key

You can optionally specify a security key for the cluster by appending the -secret flag when you enable each cluster node. For example:

splunk edit cluster-config -mode slave -master_uri https://10.160.31.200:8089 -replication_port 9887 -secret your_key

The security key authenticates communication between the master and the peers and search heads. The key, if specified, must be the same across all cluster instances. If, for example, you specify it for the master, you must also specify it for all peers and search heads.

Edit cluster configurations

You can also use the CLI to edit the cluster node configuration after the node has been enabled. How you do this depends on the type of cluster node. See the topics covering CLI configuration of the different node types.

View cluster information

There are a number of splunk list commands that return different types of cluster information. For example, to get detailed information on each peer in the cluster, run this command on the master:

splunk list cluster-peers

To get information on the cluster configuration, run this command from any node:

splunk list cluster-config

See the CLI clustering help for the full set of splunk list commands.

Manage the cluster

You can also use the CLI to perform a number of different actions on the cluster. Those actions are described in their own topics:

Get help on the CLI commands

The CLI provides online help for its commands. For general help on the full set of clustering commands, go to $SPLUNKHOME/bin and type:

splunk help cluster

For help on specific commands, specify the command name. For example:

splunk help list cluster-config

For general information on the CLI, read the "Administer Splunk Enterprise with the command line interface (CLI)" chapter in the Admin Manual, or type:

splunk help 
PREVIOUS
Configure the indexer cluster with server.conf
  NEXT
Master configuration overview

This documentation applies to the following versions of Splunk® Enterprise: 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters