Configuration updates that the cluster replicates

The cluster automatically replicates certain runtime configuration changes that a user makes on one cluster member to all the other members.

Note: The cluster replicates configuration changes to all cluster members. The cluster's replication factor applies only to search artifact replication. See Choose the replication factor for the search head cluster.

These are the main types of configuration changes that the cluster replicates:

- Runtime changes or additions to knowledge objects, such as saved searches, lookup tables, and dashboards. For example, when a user in Splunk Web defines a field extraction, the cluster replicates that field extraction to all search heads in the cluster.

See Add users to the search head cluster.

Replication operates under these constraints:

- The cluster only replicates changes made at runtime, through specific configuration methods.
- An include list determines the specific types of changes that the cluster replicates.

Configuration methods that trigger replication

The cluster replicates changes made through these methods:

The cluster does not replicate any configuration changes that you make manually, such as direct edits to configuration files.

For example, if a user creates a saved search in Splunk Web on a cluster member, the cluster replicates that saved search to all cluster members. However, if you, as the administrator, add a saved search by directly editing the nf file on one cluster member, the cluster does not replicate that saved search to the other cluster members. You must use the deployer to push that saved search to all cluster members.

The cluster uses an include list to determine what changes to replicate. The default list is configured through the set of conf_replication_include attributes in the default version of nf, located in $SPLUNK_HOME/etc/system/default. To add or remove items from the include list, update the affected conf_replication_include settings in a nf file within an app on the deployer. Then push the changes from the deployer to the cluster members. See Use the deployer to distribute apps and configuration updates.

For a comprehensive list of items in the include list, consult the default version of nf.

This is the approximate set of include list items:

The cluster replicates changes to all files underlying the include list items. In addition to configuration files themselves, the set of replicated files includes dashboard and nav XML, lookup table files, data model JSON files, and so on. The cluster also replicates permissions stored in *.meta files.

These are examples of the types of files replicated for various include list items:

The cluster does not replicate user search history. This is reflected in the default nf file, which includes the line, conf_replication_include.history = false. Changing that value to "true" has no effect and does not cause the cluster to replicate search history.

The cluster ignores configuration changes for any items that are not on the include list. The ignored configuration changes include most system configuration files, such as nf, nf, and so on. For a complete list of such files, see Global configuration files in the Admin Manual. Exceptions from that list include certain settings in nf and nf.

You cannot work around this situation by simply adding system configuration files to the include list. Most settings in system configuration files require a restart to take effect, and there's no mechanism to initiate an automatic restart of cluster members following replication of such configurations.

In addition, the cluster only replicates changes that are made through Splunk Web, the Splunk CLI, or the REST API. If you directly edit a configuration file, the cluster does not replicate it. Instead, you must use the deployer to distribute the file to all cluster members.

The cluster also does not replicate newly installed or upgraded apps.

For information on how to distribute such configuration changes through the deployer, see Use the deployer to distribute apps and configuration updates.

When a user makes a configuration change to a cluster member search head, the member saves the change to a file, or set of files, locally and also sends the change to the captain. Approximately every five seconds, each cluster member contacts the captain and pulls any changes that have arrived since the last time it pulled changes.
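The include-list and change-method rules described on this page can be checked mechanically when auditing which changes will reach every member. The following is an added example, not Splunk's own code: the sample settings are constructed, and the `[shclustering]` stanza name, the item names other than `history`, and the change-record fields (`item`, `method`) are assumptions for illustration.

```python
import configparser

# Constructed sample of include-list settings (assumed stanza and item names).
SAMPLE_CONF = """
[shclustering]
conf_replication_include.savedsearches = true
conf_replication_include.props = true
conf_replication_include.history = true
conf_replication_include.indexes = false
"""

# The page names these three methods as the ones that trigger replication.
REPLICATING_METHODS = {"web", "cli", "rest"}
PREFIX = "conf_replication_include."


def effective_include_list(conf_text):
    """Return the set of include-list items that are actually replicated."""
    parser = configparser.ConfigParser()
    parser.read_string(conf_text)
    section = parser["shclustering"]
    items = {
        key[len(PREFIX):]
        for key in section
        if key.startswith(PREFIX) and section.getboolean(key)
    }
    # Per the page, setting history to "true" has no effect.
    items.discard("history")
    return items


def triage(change, include):
    """Classify one change record (hypothetical fields: item, method)."""
    if change["method"] not in REPLICATING_METHODS:
        return "not replicated: direct edit, distribute with the deployer"
    if change["item"] not in include:
        return "not replicated: item is not on the include list"
    return "replicated"


if __name__ == "__main__":
    include = effective_include_list(SAMPLE_CONF)
    # Constructed change records for the demonstration.
    for change in (
        {"item": "savedsearches", "method": "web"},
        {"item": "savedsearches", "method": "file_edit"},
        {"item": "history", "method": "rest"},
    ):
        print(change, "->", triage(change, include))
```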