Splunk® Enterprise

Managing Indexers and Clusters of Indexers

Splunk Enterprise version 9.0 will no longer be supported as of June 14, 2024. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

Enable the peer nodes

Before reading this topic, read "Indexer cluster deployment overview".

You ordinarily need to enable multiple peer nodes to deploy a cluster. At a minimum, you must enable at least replication factor number of peers - and potentially more to accommodate horizontal scaling.

Before enabling the set of peers, you must enable and restart the manager node, as described in "Enable the manager node". When the manager node starts up for the first time, it will block indexing on the peers until you have enabled and restarted the replication factor number of peers.

The procedure in this topic explains how to use Splunk Web to enable a peer node. You can also enable a peer in two other ways:

Important: This topic explains how to enable a peer for a single-site cluster only. If you plan to deploy a multisite cluster, see "Configure multisite indexer clusters with server.conf".

Enable the peer

To enable an indexer as a peer node:

1. Click Settings in the upper right corner of Splunk Web.

2. In the Distributed environment group, click Indexer clustering.

3. Select Enable indexer clustering.

4. Select Peer node and click Next.

5. There are a few fields to fill out:

  • Manager URI. Enter the manager node's URI, including its management port. For example: https://10.152.31.202:8089.
  • Peer replication port. This is the port on which the peer receives replicated data streamed from the other peers. You can specify any available, unused port for this purpose. This port must be different from the management or receiving ports.
  • Security key. This is the key that authenticates communication between the manager node and the peers and search heads. The key must be the same across all cluster nodes. Set the same value here that you previously set on the manager node.

6. Click Enable peer node.

The message appears, "You must restart Splunk for the peer node to become active."

7. Click Go to Server Controls. This takes you to the Settings page where you can initiate the restart.

8. Repeat this process for all the cluster's peer nodes.

When you have enabled the replication factor number of peers, the cluster can start indexing and replicating data, as described in "Enable the manager node".

View the peer dashboard

After the restart, log back into the peer node and return to the Clustering page in Splunk Web. This time, you see the peer's clustering dashboard. For information on the dashboard, see "View the peer dashboard".

Configure the peers

After enabling the peers, you need to perform additional configuration before you start indexing data. For details, read these topics:

You might also need to configure some other settings on the peers. See "Peer node configuration overview".

Last modified on 22 April, 2021
Enable the indexer cluster manager node   Enable the search head

This documentation applies to the following versions of Splunk® Enterprise: 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.3.0, 9.3.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters