Is there a trick to adding search peers with a search head cluster? I have to add 20 new indexers very soon and I don't want to have to goto each SH GUI over and over. Assuming there is a script somewhere I should be running?
You could do this:
local
directory of the app, create a file names distsearch.confHere is some info on creating/editing distsearch.conf
(facepalm) I wish they put that in the documentation 🙂
Hey yes, the manual key exchange is what I am trying to avoid. Assuming there is a script or something that we should be using?
Distribute the key files
If you add search peers via Splunk Web or the CLI, Splunk Enterprise automatically configures authentication. However, if you add peers by editing distsearch.conf, you must distribute the key files manually. After adding the search peers and restarting the search head, as described above:
The is the search head's serverName, specified in server.conf.