Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Search Heads in cluster are not able to replicate properly

MousumiChowdhur
Contributor
‎09-14-2017 04:25 AM

Hi!

There are 2 search heads in our production cluster. We have implemented Alert Manager app in our SH and it incorporates alert manager specific lookups,Data Models and event types. Some of the functionalities of this app and dashboards are not getting replicated properly in all our search heads. In addition to this we are also facing few scenario's where the dashboards data are not getting replicated properly.

We have increased the distsearch's default size to 3 Gb but still some times we have to face the above issue.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎09-14-2017 04:34 AM

Hi MousumiChowdhury,
remember that not all the objects are replicated between Search Heads, only the "Knowledge" part (Left Up) of the Settings Panel.
Which functionlities aren't replicated?
Bye.
Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎09-14-2017 04:34 AM

Hi MousumiChowdhury,
remember that not all the objects are replicated between Search Heads, only the "Knowledge" part (Left Up) of the Settings Panel.
Which functionlities aren't replicated?
Bye.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

MousumiChowdhur
Contributor
‎09-14-2017 05:08 AM

Hi,

I'm not able to see few of the dashboard panels data. When a user logs in through DNS and searches for a dashboard, his request hits either of the search heads. If it hits where dashboard or panel data is not replicated, he is not able to see anything in this case. Whereas, If the request hits the SH where data is present, user is able to see data in the dashboard.

0 Karma
Reply
Solved! Jump to solution

MousumiChowdhur
Contributor
‎09-26-2017 05:01 AM

Hi Cusello,

I have found that, my lookups are not getting replicated between search heads. On one of my search heads the number of lookups are more than that of the other search head.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎09-14-2017 06:31 AM

Yes this is the result of unallignment of Search Heads.
You should understand which are the Knowledge Objects of Alert Manager App not replicated between SearchHeads.
Bye.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...