Migration of the Master Node in an Index Cluster Environment

We might need to replace the Master-Node for either of these reasons

1.  The Node Fails

2.  We need to move the Master to a Different Machine or Site .

For Example :  We will consider the following :

OLD  :  XX.XX.XX.XX           ( It is an IP Address of the OLD Master Node )

NEW : YY.YY.YY.YY            ( It is an IP Address of the NEW Master Node in which we are 
                                                      going to Migrate our OLD Master Node )


*** The NEW does not use the Same IP address  or Management Port as the OLD one  ***

1.  Go to OLD ,

***   Stop the Splunk  ***

#   ssh root@XX.XX.XX.XX
#  cd /opt/splunk/bin
# ./splunk stop

2.  Go to NEW

***   Install Splunk and Stop it  ***

#  ssh root@YY.YY.YY.YY
#  cd /opt/splunk/bin
#  ./splunk start –accept-license
# ./splunk stop 

3.  Go to NEW

#  ssh root@YY,YY.YY.YY
#  cd /opt/splunk/etc/system/local/
 Copy the ‘ sslKeysfilePassword=’ to the notepad from ‘server.conf’ file

4.   Go to OLD 

****  Copy the server.conf file from OLD to NEW  ***

#  ssh root@XX.XX.XX.XX
#  cd /opt/splunk/etc/system/local
# scp server.conf root@YY.YY.YY.YY:/opt/splunk/etc/system/local/.

***   Copy the master-apps directory from OLD to NEW  ***

#  cd /opt/splunk/etc/
#  scp -r master-apps root@YY.YY.YY.YY:/opt/splunk/etc/.

5.  Go to NEW

# ssh root@YY.YY.YY.YY
# cd /opt/splunk/etc/system/local
# vi server.conf

Remove the line with ‘ sslKeysfilePassword=.****’  and  Copy from
your notepad and paste it hear :-  ‘ sslKeysfilePassword=’ 
Replace the value of a ‘ ServerName’ with YY.YY.YY.YY

#  /opt/splunk/bin/splunk start


****  Now, we have to update the ‘master_uri’ settings on all the peers and search heads to point the (NEW) Master’s IP address and the Management Port  ****

1. Go to any one INDEXER,

#  ssh root@Indexer_IP
#  cd /opt/splunk/etc/system/local
#  vi server.conf

 Where ever you find ‘master_uri’ , replace its value with     https://YY.YY.YY.YY:8089

#  /opt/splunk/bin/splunk restart

Note : Perform the above actions for all the Indexers in the Cluster

2.   Go to any one SEARCH HEAD,

#  ssh root@SearchHead_IP
#  cd /opt/splunk/etc/system/local
#  vi server.conf 

 Where ever you find ‘master_uri’ , replace its value with    https://YY.YY.YY.YY:8089   

 Replace the value of ‘conf_deploy_fetch_url’  with        https://YY.YY.YY.YY:8089

#  /opt/splunk/bin/splunk restart

Note : Perform the above actions for all the Search Heads in the Cluster

Now your Master Node in the Cluster Environment has been successfully Migrated !!

Hope you are now comfortable in : Migration of the Master Node in an 
Index Cluster Environment



  1. First of all congratulation on the new site.It is really amazing following someone having A GREAT BLOG! This blogs are really helpful those who started carrier in Splunk area. I am sure in future this blogs will more interesting and knowledgeable.
    Wonderful thoughts and Great overview examples on blogging.
    Great job Abhay!
    Have a nice day………keep on blogging 🙂

  2. Thanks Palash, Stay tuned and touch to get more topics on Splunk which would definetly help splunker to do the best in their field.

  3. awesome piece of information, I had come to know about your blog from my friend vimal, mumbai,i have read atleast 3 posts of yours by now, and let me tell you, your blog gives the best and the most interesting information. This is just the kind of information that i had been looking for, i'm already your rss reader now and i would regularly watch out for the new posts, once again hats off to you! Thanks a million once again, Regards

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.