My management URI is not showing correctly in the ...

ben_leung · ‎03-14-2016

I am getting an incorrect value for the mgmt_uri value when accessing the rest endpoint /services/shcluster/status

This is on a search head node on a search head cluster on version 6.3.3

My server.conf shows the following:

[shclustering]
disabled = 0
pass4SymmKey = $1$asdfasdfasdf
shcluster_label = PROD_SHC
id = 26FBD1A2-8388-43A2-A1FC-C2EA9C9021D6
mgmt_uri = https://myhost@domain.com:8089
conf_deploy_fetch_url = https://mydeployer@domain.com:18089
scheduling_heuristic = round_robin
replication_factor = 1
election = false
mode = captain
captain_uri = https://myhost@domain.com:8089
captain_is_adhoc_searchhead = false

gflynn · ‎03-14-2017

This answer suggests that management uri is read from memory in the case of Static Captain. https://answers.splunk.com/answers/339015/search-head-cluster-is-breaking-when-mgmt-uri-has.html

I had similar issues with Static Captain, and instead set dynamic election and preferred captain on the search head I wanted. $SPLUNK_HOME/etc/system/local/server.conf [shclustering] stanza looks like this:

[shclustering]
conf_deploy_fetch_url = **REDACTED**
disabled = 0
mgmt_uri = **REDACTED**
pass4SymmKey = **REDACTED**
replication_factor = 2
id = **REDACTED**
adhoc_searchhead = true
preferred_captain = true

ben_leung · ‎03-14-2016

Background on this setup:
I have 2 search head nodes in a cluster. The captain is static.

My management URI is not showing correctly in the rest endpoint info

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases