Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

search header cluster

wangyu
Loves-to-Learn Lots
‎05-05-2024 10:12 PM

I deployed the search header cluster and also deployed the indexer cluster, and merged the search header cluster and the indexer cluster. After downloading the sample data and uploading it to the indexer, all members of the indexer cluster can search for the uploaded data. When searching for members in the header cluster, there are two that cannot be searched for the uploaded data, and one that can be searched. "Unable to distribute to peer named 192.168.44.159 at uri=192.168.44.159:8089 using the uri scheme=https because peer has status=Down. Verify uri scheme, connectivity to the search peer, that the search peer is up, and that an equivalent level of system resources are available. See the Troubleshooting Manual for more information."

Labels (1)
Labels
0 Karma
Reply

sigma
Path Finder
4 weeks ago

Hi,

Did you check sslVersions in authentication.conf and server.conf?
Check that the SSL version is consistent among cluster members.

Regards.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-05-2024 10:27 PM

Hi @wangyu ,

did you followed the instructions at https://docs.splunk.com/Documentation/Splunk/9.2.1/Indexer/Clusterdeploymentoverview and https://docs.splunk.com/Documentation/Splunk/9.2.1/DistSearch/SHCdeploymentoverview ?

I suppose that you checked the connections between the members al the required ports:

  • IDX replication: by default 9100,
  • SHC replication 9200,
  • connection between IDXs and Cluster Manager 8089,
  • connection between SHs and Deployer 8089,
  • connection between SHs and IDXs 8089.

Then, how many SHs do you have in your SHC? they must be at least 3.

Ciao.

Giuseppe

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎05-06-2024 12:39 AM

Hi

Have you done this on all SHC members?

Configure each search head cluster member as a search head on the indexer cluster. Use the CLI splunk edit cluster-config command. For example:

https://docs.splunk.com/Documentation/Splunk/latest/DistSearch/SHCandindexercluster

One correction for those default ports. There is no default ports (or alt least earlier haven't been) for IDX replication or SHC replication. There are some commonly used ports, those are not default, you must always define those manually in CLI, conf files or in GUI!

r. Ismo 

0 Karma
Reply
Get Updates on the Splunk Community!

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...

Modern way of developing distributed application using OTel

Recently, I had the opportunity to work on a complex microservice using Spring boot and Quarkus to develop a ...