Set a security key for the search head cluster
The security key authenticates communication between all cluster members, as well as between members and the deployer instance.
For an overview of search head clustering configuration, see "Configure the search head cluster".
Security key must be identical across all nodes
You must set the key to the same value on all search head cluster members and the deployer.
Set the security key during deployment
It is recommended that you set the security key during initial cluster deployment. See "Deploy a search head cluster".
Set the security key post-deployment
If you neglected to set the key during deployment, you can set it post-deployment by configuring the pass4SymmKey
attribute in server.conf
on each cluster member and the deployer. Put the attribute under the [shclustering]
stanza. For example:
[shclustering] pass4SymmKey = yoursecuritykey
You must restart each instance for the key to take effect. For more information on post-deployment configuration, see "Configuration methods."
Keep a copy of the security key
You should save a copy of the key in a safe place. Once an instance starts running, the security key changes from clear text to encrypted form, and it is no longer recoverable from server.conf
. If you later want to add a new member, you will need to use the clear text version to set the key.
Multiple search head clusters and the security key
If your deployment includes multiple search head clusters, it is a best practice to use a different key for each cluster. By doing so, you avoid any possibility of mismatching clusters and their deployers, which could result in the content for one cluster being wrongly downloaded to a different one.
Set the security key for a combined search head cluster and indexer cluster
For information on setting the security key for a combined search head cluster and indexer cluster, see Integrate the search head cluster with an indexer cluster in Distributed Search.
Choose the replication factor for the search head cluster | How configuration changes propagate across the search head cluster |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2
Feedback submitted, thanks!