Splunk® Enterprise

Distributed Search

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Set a security key for the search head cluster

The security key authenticates communication between all cluster members, as well as between members and the deployer instance.

For an overview of search head clustering configuration, see "Configure the search head cluster".

Security key must be identical across all nodes

You must set the key to the same value on all search head cluster members and the deployer.

Set the security key during deployment

It is recommended that you set the security key during initial cluster deployment. See "Deploy a search head cluster".

Set the security key post-deployment

If you neglected to set the key during deployment, you can set it post-deployment by configuring the pass4SymmKey attribute in server.conf on each cluster member and the deployer. Put the attribute under the [shclustering] stanza. For example:

pass4SymmKey = yoursecuritykey

You must restart each instance for the key to take effect. For more information on post-deployment configuration, see "Configuration methods."

Keep a copy of the security key

You should save a copy of the key in a safe place. Once an instance starts running, the security key changes from clear text to encrypted form, and it is no longer recoverable from server.conf. If you later want to add a new member, you will need to use the clear text version to set the key.

Multiple search head clusters and the security key

If your deployment includes multiple search head clusters, it is a best practice to use a different key for each cluster. By doing so, you avoid any possibility of mismatching clusters and their deployers, which could result in the content for one cluster being wrongly downloaded to a different one.

Set the security key for a combined search head cluster and indexer cluster

For information on setting the security key for a combined search head cluster and indexer cluster, see Integrate the search head cluster with an indexer cluster in Distributed Search.

Last modified on 08 June, 2018
Choose the replication factor for the search head cluster
How configuration changes propagate across the search head cluster

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.2.0, 9.2.1

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters