A Splunk search head cluster normally uses a dynamic captain, which can change over time. The dynamic captain is chosen by periodic elections, in which a majority of all cluster members must agree on the captain.

If a cluster loses the majority of its members, it cannot elect a captain and cannot continue to function properly. You can work around this situation by reconfiguring the cluster to use a static captain in place of the dynamic captain.

A static captain does not change over time. Unlike a dynamic captain, the cluster does not conduct an election to select the static captain. Instead, you designate a member as the static captain and that member remains the captain until you designate another member as captain.

To make a member the static captain:
1. On the member that you want to designate as captain, run this CLI command:
splunk edit shcluster-config -mode captain -captain_uri <URI>:<management_port> -election false
2. On each non-captain member, run this CLI command:
splunk edit shcluster-config -mode member -captain_uri <URI>:<management_port> -election false
  • -mode -> specifies whether the instance should function as a captain or solely as a member.
  • -captain_uri -> specifies the URI and management port of the captain instance.
  • -election -> setting -election to "false" indicates that the cluster uses a static captain.
Revert to the dynamic captain:
When the precipitating situation has resolved, you should revert the cluster to control by a single, dynamic captain. To switch to dynamic captain, you reconfigure all the members that you previously configured for static captain.

Note: Also clean the KV store on every instance, and then sync.

1. Once the cluster has regained its majority, convert all members back to dynamic captain using the command below. Convert the current static captain last.
splunk edit shcluster-config -election true -mgmt_uri <URI>:<management_port>
2. Bootstrap one of the members. This member then becomes the first dynamic captain. It is recommended that you bootstrap the member that was previously serving as the static captain.
splunk bootstrap shcluster-captain -servers_list "<URI>:<management_port>,<URI>:<management_port>,..."
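The two procedures above as a dry-run plan generator, added here as an example and not part of the original post or of Splunk's tooling. It only prints which command to run on which member, in the order the steps require; the hostnames, port 8089 and the reachable-member count are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample cluster (placeholder hostnames, not from the post).
MEMBERS="https://sh1.example.com:8089 https://sh2.example.com:8089 https://sh3.example.com:8089 https://sh4.example.com:8089 https://sh5.example.com:8089"

# has_majority TOTAL UP: succeeds only if UP is a strict majority of TOTAL,
# which is what a dynamic captain election needs.
has_majority() {
  [ "$2" -gt $(( $1 / 2 )) ]
}

# static_plan CAPTAIN MEMBER...: prints "host<TAB>command", captain first,
# then every non-captain member pointing at the same captain URI.
static_plan() {
  sp_captain=$1; shift
  printf '%s\tsplunk edit shcluster-config -mode captain -captain_uri %s -election false\n' "$sp_captain" "$sp_captain"
  for sp_m in "$@"; do
    [ "$sp_m" = "$sp_captain" ] && continue
    printf '%s\tsplunk edit shcluster-config -mode member -captain_uri %s -election false\n' "$sp_m" "$sp_captain"
  done
}

# revert_plan CAPTAIN MEMBER...: re-enables elections on every member with
# the static captain converted last, then bootstraps on the former captain.
# -mgmt_uri is given each member's own management URI.
revert_plan() {
  rp_captain=$1; shift
  rp_list=""
  for rp_m in "$@"; do
    rp_list="${rp_list:+$rp_list,}$rp_m"
    [ "$rp_m" = "$rp_captain" ] && continue
    printf '%s\tsplunk edit shcluster-config -election true -mgmt_uri %s\n' "$rp_m" "$rp_m"
  done
  printf '%s\tsplunk edit shcluster-config -election true -mgmt_uri %s\n' "$rp_captain" "$rp_captain"
  printf '%s\tsplunk bootstrap shcluster-captain -servers_list "%s"\n' "$rp_captain" "$rp_list"
}

set -- $MEMBERS          # intentional word splitting into one URI per argument
CAPTAIN=$1               # member chosen as static captain (constructed choice)
UP=2                     # constructed: only 2 of 5 members are reachable
if has_majority "$#" "$UP"; then
  echo "# majority present: keep the dynamic captain"
else
  echo "# majority lost: static captain plan"
  static_plan "$CAPTAIN" "$@"
fi
echo "# after the cluster regains its majority:"
revert_plan "$CAPTAIN" "$@"
```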