I am performing an initial deployment of Splunk Enterprise on 6.2.2. I have configured a deployer with a recommended secret key in the [shclustering] section of the deployer's server.conf. I have also initialized three different search head cluster members and restarted splunkd on all members. When I attempt to bootstrap the initial cluster captain, I receive the simple error, "ERROR SHPRaftConsensus - Failed to bootstrap this node as a captain."
Does anyone have any guidance on how I can get past this?
There is a mistake in the CLI command you are running on the search head.
Try this.
Replace admin:changed with your Splunk credentials:
/opt/splunk/bin/splunk bootstrap shcluster-captain -servers_list "https://splunk1.acml.com:8089,https://splunk2.acml.com:8089,https://splunk3.acml.com:8089" -auth admin:changed
Refer to the following document:
http://docs.splunk.com/Documentation/Splunk/6.2.4/DistSearch/SHCdeploymentoverview
Point 5, "Bring up the cluster captain".
I hope this helps.
Kindly tear down the whole search head clustering setup.
Edit server.conf in $SPLUNK_HOME/etc/system/local and remove the [shclustering] and [replication_port] stanzas from each search head and restart them.
Also remove the [shclustering] stanza from server.conf on the deployer in $SPLUNK_HOME/etc/system/local and restart.
In my case I first followed the above steps and then did the whole clustering setup, and it worked.
Don't forget to restart the search heads and deployer after tearing down the setup.
I hope this helps.
Adding the -auth argument doesn't make a difference. It just prevents you from getting prompted for credentials.
What node are you bootstrapping from?
Post your configs and the syntax you are using to create this. If you follow the docs, it should work correctly. So most likely you're missing steps.
I ran the following on each of the 3 search heads (splunk1,2,3) after installing Splunk, configuring them as License slaves, and changing the admin passwords.
/opt/splunk/bin/splunk init shcluster-config -mgmt_uri https://splunkdeployer:8089 -replication_port 9200 -secret XXXXX
Then I ran this on one of the search heads:
/opt/splunk/bin/splunk bootstrap shcluster-captain -servers_list https://splunk1.acml.com:8089,https://splunk2.acml.com:8089,https://splunk3.acml.com:8089
and got the following...
In handler 'shclustermemberconsensus': Failed to Set Configuration. One potential is captain could not hear back from all the nodes in a timeout period. Ensure alladded nodes are up, and increase the raft timeout. If all nodes are up and runningat splunkd.log for appendEntries errors due to mgmt_uri mismatch
We are having the same issue in the same scenario. Looking for a solution now... We are using 6.2.4 on Linux.
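
The error text quoted above points at a mgmt_uri mismatch. As an added example (not part of any post in this thread and not Splunk tooling), this Python check compares the mgmt_uri in each member's [shclustering] stanza with the -servers_list passed to the bootstrap command. The member labels and the sample server.conf contents are constructed for illustration; it assumes you have copied each member's server.conf text by hand.

```python
from urllib.parse import urlsplit

def normalize(uri):
    """Lower-case scheme and host and drop trailing slashes so equal URIs compare equal."""
    p = urlsplit(uri.strip().strip('"'))
    host = (p.hostname or "").lower()
    return f"{p.scheme.lower()}://{host}" + (f":{p.port}" if p.port else "")

def member_mgmt_uri(conf_text):
    """Return mgmt_uri from the [shclustering] stanza of a server.conf, or None."""
    stanza = None
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1]
        elif stanza == "shclustering" and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            if key.strip() == "mgmt_uri":
                return value.strip()
    return None

def check(servers_list, confs):
    """confs maps a member label to its server.conf text. Returns (label, problem) pairs."""
    listed = {normalize(u) for u in servers_list.split(",")}
    problems, seen = [], {}
    for label, text in confs.items():
        raw = member_mgmt_uri(text)
        if raw is None:
            problems.append((label, "no mgmt_uri in [shclustering]"))
            continue
        uri = normalize(raw)
        if uri not in listed:
            problems.append((label, f"mgmt_uri {uri} not in servers_list"))
        if uri in seen:
            problems.append((label, f"mgmt_uri {uri} duplicates {seen[uri]}"))
        seen.setdefault(uri, label)
    return problems

# servers_list as used in the thread; the server.conf bodies below are constructed samples.
SERVERS_LIST = ("https://splunk1.acml.com:8089,https://splunk2.acml.com:8089,"
                "https://splunk3.acml.com:8089")
SAMPLE = "[replication_port://9200]\n\n[shclustering]\ndisabled = 0\nmgmt_uri = {}\n"
CONFS = {
    "splunk1": SAMPLE.format("https://splunk1.acml.com:8089"),
    "splunk2": SAMPLE.format("https://splunkdeployer:8089"),    # does not match the list
    "splunk3": SAMPLE.format("https://SPLUNK3.acml.com:8089/"),  # differs only in case and slash
}

if __name__ == "__main__":
    for label, problem in check(SERVERS_LIST, CONFS):
        print(f"{label}: {problem}")
```
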