DCO-SOGs/6 SIEMs/Splunk/6.3searchheadcluster.md

search head 1

splunk init shcluster-config -auth admin:changed -mgmt_uri https://sh1.example.com:8089/ -replication_port 34567 -replication_factor 2 -conf_deploy_fetch_url https://10.160.31.200:8089/ -secret mykey -shcluster_label shcluster1

search head 2

splunk init shcluster-config -auth admin:changed -mgmt_uri https://sh1.example.com:8089/ -replication_port 34567 -replication_factor 2 -conf_deploy_fetch_url https://10.160.31.200:8089/ -secret mykey -shcluster_label shcluster1

search head 3

splunk init shcluster-config -auth admin:changed -mgmt_uri https://sh1.example.com:8089/ -replication_port 34567 -replication_factor 2 -conf_deploy_fetch_url https://10.160.31.200:8089/ -secret mykey -shcluster_label shcluster1

search head 1 captain

splunk bootstrap shcluster-captain -servers_list "https://sh1.example.com:8089,https://sh2.example.com:8089,https://sh3.example.com:8089,https://sh4.example.com:8089" -auth admin:changed

captain status