Use the CLI to view information about a search head cluster
A number of CLI commands provide status information on the search head cluster.
You can also use the monitoring console to get more information about the cluster. See "Use the monitoring console to view search head cluster status and troubleshoot issues."
Show cluster status
To check the overall status of your search head cluster, run this command from any member:
splunk show shcluster-status -auth <username>:<password>
The command returns basic information on the captain and the cluster members. Key information that it provides includes:
- (Captain section.) The
dynamic_captain
field indicates whether the cluster uses a dynamic captain. A value of 1 specifies a dynamic captain. - (Captain section.) The
id
field specifies the cluster GUID. This GUID is different from the GUID of any cluster members, including the captain. - (Captain section.) The
label
field specifies the cluster label. The monitoring console uses the label identifier. - (Each member's section.) The
status
field specifies the status of each member, such as up, down, detention, restarting. Some status values require clarification:
- Detention. A cluster member enters detention when it runs out of disk space. While in detention, the captain will not assign scheduled searches or artifact copies to it. To remediate, you must increase the disk space available to the instance.
- Down. When a member leaves the cluster, because of some failure or because you remove it from the cluster, it enters the down state.
- Pending. This indicates that the member is attempting to rejoin the cluster. This is a transitional state. The status changes to Up when the member successfully rejoins the cluster.
- (Each member's section.) The
last_conf_replication
field indicates when the member last pulled a set of configurations from the captain. See View replication status.
Show member configuration
To check the configuration of a cluster member, run this command on the member itself:
splunk list shcluster-config -auth <username>:<password>
Alternatively, you can run this variant on another member:
splunk list shcluster-config -uri <URI>:<management_port> -auth <username>:<password>
Note the following:
- The
-uri
parameter specifies the URI and management port for the member whose configuration you want to check.
List cluster members
To get a list of all cluster members, run this command from any member:
splunk list shcluster-members -auth <username>:<password>
This command returns all members of the cluster, along with their configurations.
Note: The command continues to list members that have left the cluster until captaincy transfers.
List member information
To list information about a member, run this command on the member itself:
splunk list shcluster-member-info -auth <username>:<password>
Alternatively, you can run this variant on another member:
splunk list shcluster-member-info -uri <URI>:<management_port> -auth <username>:<password>
Note the following:
- The
-uri
parameter specifies the URI and management port for the member whose configuration you want to know.
List search artifacts
To list the set of artifacts stored on the cluster, run this command on the captain:
splunk list shcluster-artifacts
To list the set of artifacts stored on a particular member, run this command on the member itself:
splunk list shcluster-member-artifacts
List scheduler jobs
To list the set of scheduler jobs, run this command on the captain:
splunk list shcluster-scheduler-jobs -auth <username>:<password>
Use the search head clustering dashboard | Use the monitoring console to view search head cluster status and troubleshoot issues |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.3.0, 9.3.1
Feedback submitted, thanks!