hortonew · August 16, 2018 23:44
diff --git a/Splunk search cluster example b/Splunk search cluster example
 Example SHCluster Config
 See doc for up to date configurations: http://docs.splunk.com/Documentation/Splunk/latest/DistSearch/SHCdeploymentoverview
 Would recommend sharing splunk.secret on deployer and any search head part of cluster so you can maintain configs on deployer.

 Splunk admin user: admin
 Splunk admin password: my-splunk-admin-password

 3 Search heads in cluster: searchhead-01, searchhead-02, searchhead-03
 Search cluster secret: my-shc-secret
 Search cluster label: my-shc-cluster-label
 Search deployer: deployer-01
 Search cluster replication port: 8989

 Indexing cluster master: splm-01
 Indexing cluster secret: my-indexing-cluster-secret



 On searchhead-01
 splunk init shcluster-config -auth admin:my-splunk-admin-password -mgmt_uri https://searchhead-01:8089 -replication_port 8989 -replication_factor 2 -conf_deploy_fetch_url https://deployer-01:8089 -secret my-shc-secret -shcluster_label my-shc-cluster-label

 splunk edit cluster-config -mode searchhead -master_uri https://splm-01:8089 -secret my-indexing-cluster-secret

 splunk restart


 On searchhead-02
 splunk init shcluster-config -auth admin:my-splunk-admin-password -mgmt_uri https://searchhead-02:8089 -replication_port 8989 -replication_factor 2 -conf_deploy_fetch_url https://deployer-01:8089 -secret my-shc-secret -shcluster_label my-shc-cluster-label

 splunk edit cluster-config -mode searchhead -master_uri https://splm-01:8089 -secret my-indexing-cluster-secret

 splunk restart


 On searchhead-03
 splunk init shcluster-config -auth admin:my-splunk-admin-password -mgmt_uri https://searchhead-03:8089 -replication_port 8989 -replication_factor 2 -conf_deploy_fetch_url https://deployer-01:8089 -secret my-shc-secret -shcluster_label my-shc-cluster-label

 splunk edit cluster-config -mode searchhead -master_uri https://splm-01:8089 -secret my-indexing-cluster-secret

 splunk restart


 Initialize a captain, for instance on searchhead-01
 splunk bootstrap shcluster-captain -servers_list "https://searchhead-01:8089,https://searchhead-02:8089,https://searchhead-03:8089"


 On deployer, to push a bundle
 splunk apply shcluster-bundle --answer-yes -target https://searchhead-01:8089 -auth admin:my-splunk-admin-password
	Example SHCluster Config
	See doc for up to date configurations: http://docs.splunk.com/Documentation/Splunk/latest/DistSearch/SHCdeploymentoverview
	Would recommend sharing splunk.secret on deployer and any search head part of cluster so you can maintain configs on deployer.

	Splunk admin user: admin
	Splunk admin password: my-splunk-admin-password

	3 Search heads in cluster: searchhead-01, searchhead-02, searchhead-03
	Search cluster secret: my-shc-secret
	Search cluster label: my-shc-cluster-label
	Search deployer: deployer-01
	Search cluster replication port: 8989

	Indexing cluster master: splm-01
	Indexing cluster secret: my-indexing-cluster-secret



	On searchhead-01
	splunk init shcluster-config -auth admin:my-splunk-admin-password -mgmt_uri https://searchhead-01:8089 -replication_port 8989 -replication_factor 2 -conf_deploy_fetch_url https://deployer-01:8089 -secret my-shc-secret -shcluster_label my-shc-cluster-label

	splunk edit cluster-config -mode searchhead -master_uri https://splm-01:8089 -secret my-indexing-cluster-secret

	splunk restart


	On searchhead-02
	splunk init shcluster-config -auth admin:my-splunk-admin-password -mgmt_uri https://searchhead-02:8089 -replication_port 8989 -replication_factor 2 -conf_deploy_fetch_url https://deployer-01:8089 -secret my-shc-secret -shcluster_label my-shc-cluster-label

	splunk edit cluster-config -mode searchhead -master_uri https://splm-01:8089 -secret my-indexing-cluster-secret

	splunk restart


	On searchhead-03
	splunk init shcluster-config -auth admin:my-splunk-admin-password -mgmt_uri https://searchhead-03:8089 -replication_port 8989 -replication_factor 2 -conf_deploy_fetch_url https://deployer-01:8089 -secret my-shc-secret -shcluster_label my-shc-cluster-label

	splunk edit cluster-config -mode searchhead -master_uri https://splm-01:8089 -secret my-indexing-cluster-secret

	splunk restart


	Initialize a captain, for instance on searchhead-01
	splunk bootstrap shcluster-captain -servers_list "https://searchhead-01:8089,https://searchhead-02:8089,https://searchhead-03:8089"


	On deployer, to push a bundle
	splunk apply shcluster-bundle --answer-yes -target https://searchhead-01:8089 -auth admin:my-splunk-admin-password