Splunk Cluster Commands

by Posted on

o Splunk Cluster Commands

o $ spluk edit cluster-config -mode master –replication_factor 2 –search_factor 2 –secret ‘my_cluster_secret_key’

o $ splunk edit cluster-config –mode master –multisite true -site site1 –availabel_sites site1, site2 -site_repliaction_factor origin:1, total 2 –secret ‘my_cluster_secret_key’

o $splunk edit cluster-config –mode slave –master_uri https://CLUSTER_MASTER:8089 –secret ‘my_cluster_secret_key’ –replication_ports 9887

o $splunk edit cluster-config –master_uri https://CLUSTER_MASTER:8089 -mode slave site site1 secret ‘my_cluster_secret_key’ –replication_ports 9887

o $splunk add cluste-master – master_uri https://CLUSTER_MASTER:8089 –secret ‘my_cluster_secret_key’

o $splunk add cluster-config –mode searchhead -master_uri https://CLUSTER_MASTER:8089 –secret ‘my_cluster_secret_key’

o Indexer Cluster Commands
o $ splunk show maintenance-mode

o $ splunk enable maintenance-mode

o $ splunk disable maintenance-mode

o Take this peer offline with enforced counts, takes peer offline permanently
o $splunk offline { — enforce-counts }

o $spluk apply cluster-bundle

o $splunk show cluster-bundle-status

o $splunk show cluster-status

o Cluster_Master $splunk rolloing-restart cluster-peers

o Cluster_Master $splunk remove cluster-peers –peers indexer1

o Cluster_Master: $splunk dig –enable –rest

 Search head Clustering commands
 $splunk edit licenser-localsalve –master_uri https://CLUSTER-MASTER:8089

 $splunk edit cluster-config –mode searchhead –master_uri https://CLUSTER-MASTER:8089 –site sit1 –secret ‘my_cluster_secret_key’

 $splunk restart
 $splunk bootstrap shcluster-captain –server list http://search_head1:8089, http://shearch_head2:8089,http://shearch_head3:8089, http://search_head4:8089

 $splunk show shcluster-status

 $splunk rolloing-restart shcluster-members –status 1

 $spunk edit shcluster-config –shcluster_label search_head_cluster

 $splunk edit shcluster-config –conf_deploy_fetch_url

 $splunk show shcluster-status

 $splunk list shcluster-member


 $splunk rolling-restart shcluster-members

 $splunk apply shcluster-bundle

 $splunk remove shcluster-member

 $splunk remove shcluster-member

 $splunk disable shcluster-config

 $splunk remove shcluster-member –mgmt_uri https://SH:8089

 SH CLUSTER captain $splunk diag

 Maintenance mode for Indexer cluster
 $splunk [ show | enable | disable ] maintenance-mode

 $splunk apply cluster bundle automatically invoke maintenance mode

 $splunk rolling-restart automatically invoke maintenance mode

 Cleaning up excess replicas bucket : $/opt/splunk/bin/splunk list excess-buckets (index)
 $splunk remove excess-buckets (index)

 $splunk rebalance cluster-data –action start –index (index)

 $splunk rebalance cluster-data –action status

 $splunk rebalance cluster-data –action stop

 $splunk edit cluster-config –rebalance_threshold 0.90

 $splunk edit cluster-config –summary_replication true RUN IT ON CLUSTER MASTER

 On Cluster Master $splunk validate cluster-bundle

 On Cluster Master $splunk apply cluster-bundle

 On Cluster Master $splunk show cluster-bundle status

Published by Upen Patel