1) Create 4 EC2 instances in AWS and install Splunk on each of them.
2) After Splunk is installed and running successfully, apply the following commands.
3) --On the deployer
cd /opt/splunk/etc/system/local
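Add the following stanza to the server.conf file. The pass4SymmKey value must be the same as the -secret value used in step 4. admin@123 is only a sample value; use a long random string instead.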
[shclustering]
pass4SymmKey = admin@123
shcluster_label = shcluster1
4) To configure each search head as a cluster member
Run this command on every search head (SH). Do not run it on the deployer.
./splunk init shcluster-config -auth {username}:{password} -mgmt_uri {URI}:{management_port} -replication_port {replication_port} -replication_factor {n} -conf_deploy_fetch_url {URL}:{management_port} -secret {security_key} -shcluster_label {label}
5) To set one node as the captain
Run this command on the search head that you want to become the cluster captain.
sudo ./splunk bootstrap shcluster-captain -servers_list "{URI}:{management_port},{URI}:{management_port},..." -auth {username}:{password}
6) To see the details of the cluster.
--remove a member
./splunk remove shcluster-member
--see the cluster status
./splunk show shcluster-status -auth {username}:{password}
--see the member's cluster configuration
./splunk list shcluster-config -auth {username}:{password}
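
An added example, not part of the original steps and not Splunk's own tooling: a shell check for the [shclustering] stanza from step 3 that reads the key stanza-aware, flags a short pass4SymmKey such as the sample value, and generates a random replacement to use for both pass4SymmKey and -secret. The function names, the 32-character threshold and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the [shclustering] stanza written in step 3.
MIN_KEY_LEN=32   # threshold chosen for this example, not a Splunk setting

# Print the value of KEY from the [shclustering] stanza only; server.conf
# can carry a pass4SymmKey in other stanzas too (e.g. [general]).
shc_setting() {  # usage: shc_setting FILE KEY
    awk -v key="$2" '
        /^[ \t]*#/  { next }
        /^[ \t]*\[/ { in_shc = ($0 ~ /^[ \t]*\[shclustering\]/); next }
        in_shc {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# Return 0 if the stanza passes, 1 after printing each finding.
audit_shclustering() {  # usage: audit_shclustering FILE
    key=$(shc_setting "$1" pass4SymmKey)
    label=$(shc_setting "$1" shcluster_label)
    rc=0
    case "$key" in
        '') echo "FINDING: no pass4SymmKey in [shclustering]"; rc=1 ;;
        '$'[0-9]'$'*) ;;  # already encrypted by Splunk at startup; length says nothing
        *) [ "${#key}" -ge "$MIN_KEY_LEN" ] ||
               { echo "FINDING: pass4SymmKey shorter than $MIN_KEY_LEN chars"; rc=1; } ;;
    esac
    [ -n "$label" ] || { echo "FINDING: no shcluster_label"; rc=1; }
    return "$rc"
}

# 32 random bytes as 64 hex characters, usable for pass4SymmKey and -secret.
new_shc_secret() { head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'; }

# Constructed sample: the step 3 stanza plus an unrelated [general] key.
demo=$(mktemp)
cat > "$demo" <<'EOF'
[general]
pass4SymmKey = unrelated-general-key-not-checked-here
[shclustering]
pass4SymmKey = admin@123
shcluster_label = shcluster1
EOF
audit_shclustering "$demo" || echo "replace with: $(new_shc_secret)"
```

Point the audit function at /opt/splunk/etc/system/local/server.conf on the deployer before the first restart, while the key is still in plain text.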