I need to perform some emergency maintenance on 1 member of my 4-member Search Head Cluster tonight. [From the docs][1], it looks like I need to remove the target from the SHC, clean the Splunk install, perform my maintenance (including a reboot), then re-add the target member back to the cluster. This seems insane to me. Is that really the best practice?
Would it be easier to just take down the entire cluster while working on this one machine?
[1]: http://docs.splunk.com/Documentation/Splunk/6.5.0/DistSearch/Addaclustermember
↧