Enable the indexer cluster manager node
Before reading this topic, read Indexer cluster deployment overview.
A cluster has one, and only one, manager node. The manager node coordinates the activities of the peer nodes. It does not itself store or replicate data (aside from its own internal data).
Important: A manager node cannot do double duty as a peer node or a search node. The Splunk Enterprise instance that you enable as manager node must perform only that single indexer cluster role. In addition, the manager cannot share a machine with a peer. Under certain limited circumstances, however, the manager instance can handle a few other lightweight functions. See "Additional roles for the manager node".
You must enable the manager node as the first step in deploying a cluster, before setting up the peer nodes.
The procedure in this topic explains how to use Splunk Web to enable a manager node. You can also enable a manager node in two other ways:
- Directly edit the manager's
server.conffile. See "Configure the manager with server.conf" for details. Some advanced settings can only be configured by editing this file.
- Use the CLI
edit cluster-configcommand. See "Configure the manager with the CLI" for details.
Important: This topic explains how to enable a manager node for a single-site cluster only. If you plan to deploy a multisite cluster, see "Configure multisite indexer clusters with server.conf".
Enable the manager node
To enable an indexer as the manager node:
1. Click Settings in the upper right corner of Splunk Web.
2. In the Distributed environment group, click Indexer clustering.
3. Select Enable indexer clustering.
4. Select Manager node and click Next.
5. There are a few fields to fill out:
- Replication Factor.The replication factor determines how many copies of data the cluster maintains. The default is 3. For more information on the replication factor, see Replication factor. Be sure to choose the right replication factor now. It is inadvisable to increase the replication factor later, after the cluster contains significant amounts of data.
- Search Factor. The search factor determines how many immediately searchable copies of data the cluster maintains. The default is 2. For more information on the search factor, see Search factor. Be sure to choose the right search factor now. It is inadvisable to increase the search factor later, once the cluster has significant amounts of data.
- Security Key. This is the key that authenticates communication between the manager node and the peers and search heads. The key must be the same across all cluster nodes. The value that you set here must be the same that you subsequently set on the peers and search heads as well.
- Cluster Label. You can label the cluster here. The label is useful for identifying the cluster in the monitoring console. See Set cluster labels in Monitoring Splunk Enterprise.
6. Click Enable manager node.
The message appears, "You must restart Splunk for the manager node to become active. You can restart Splunk from Server Controls."
7. Click Go to Server Controls. This takes you to the Settings page where you can initiate the restart.
Important: When the manager node starts up for the first time, it will block indexing on the peers until you enable and restart the full replication factor number of peers. Do not restart the manager node while it is waiting for the peers to join the cluster. If you do, you will need to restart the peers a second time.
View the manager node dashboard
After the restart, log back into the manager node and return to the Clustering page in Splunk Web. This time, you see the manager node clustering dashboard. For information on the dashboard, see "View the manager node dashboard".
Perform additional configuration
For information on post-deployment manager node configuration, see "Manager node configuration overview".
System requirements and other deployment considerations for indexer clusters
Enable the peer nodes
This documentation applies to the following versions of Splunk® Enterprise: 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5
Feedback submitted, thanks!