All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

SHC Showing errors with create bundle

dhawal_sanghvi
New Member
‎04-05-2017 09:19 AM

Hello,

I am getting the following error on the Search Head Load balancer VIP and the search head cluster member:
[muw1splmonpin06] Failed to create a bundles setup with server name '537ECF93-E615-4B96-A740-0AB501D766DE'. Using peer's local bundles to execute the search, results might not be correct
[muw1splmonpin07] Failed to create a bundles setup with server name '537ECF93-E615-4B96-A740-0AB501D766DE'. Using peer's local bundles to execute the search, results might not be correct.

Along with the above message, I can see that the Job details says as "Gave up waiting for the captain to establish a common bundle version across all search peers; using most recent bundles on all peers instead".

I don't see any of the above errors on the Search Head Captian node when I execute the search. I have verified the search peers on all the search head members is same across. Can you guide or assist on what could cause this issue and how to fix it?

Thanks,
Dhawal

Tags (1)
0 Karma
Reply

cpetterborg
SplunkTrust
SplunkTrust
‎04-05-2017 09:26 AM

What version of Splunk? Earlier than 6.5.2? If so, update to at least 6.5.2, but preferably 6.5.3. There were bugs in the bundle stuff prior to 6.5.2. We had trouble on both search heads and indexers with the bundles being applied. Apparently the full bundle was p[ushed and if they were large, there were problems. When we upgraded to 6.5.2 all those problems went away.

0 Karma
Reply

dhawal_sanghvi
New Member
‎04-05-2017 07:59 PM

This is a new Search head Clustering setup with Non indexexer cluster running on Splunk 6.4.3.

0 Karma
Reply

dhawal_sanghvi
New Member
‎04-06-2017 02:36 AM

Is this version related issue? Or is there some config which is missing or not configured properly?

0 Karma
Reply

cpetterborg
SplunkTrust
SplunkTrust
‎04-06-2017 05:43 AM

It may be related to your release as well. We had more problems with 6.5.1, but we did have at least one problem when we were on 6.4. Ask Splunk support.

0 Karma
Reply

dhawal_sanghvi
New Member
‎04-06-2017 05:45 AM

Ok. I just verified now and the issue is fixed without doing any changes. Strange!!

0 Karma
Reply

cpetterborg
SplunkTrust
SplunkTrust
‎04-06-2017 05:52 AM

That sounds like the issue. The bundles were too big, which would time out when being transmitted, causing the failure. Subsequent bundle pushes may or may not work. We had some bundles so big that at least one failed every time for more than a day. That was fixed with the upgrade.

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...