All Apps and Add-ons

Splunk App for Web Analytics: Why am I getting bundle replication errors running the data model builds on the search head?

mcomfurf
Path Finder

We have a distributed Splunk environment with two search heads, four indexers in two clusters, and a deployment server. I set up the Splunk App for Web Analytics on the search heads, configured some web sites, and began running the data model builds described in the Setup steps. As this ran, we started seeing bundle replication warnings, and the search head running the data model build started to fill with very large bundle files, @ 1 GB a piece.

From Splunk logs:

07-31-2015 13:32:36.583 -0400 ERROR DistributedBundleReplicationManager - Unexpected problem while uploading bundle: Unknown write error
07-31-2015 13:32:36.583 -0400 ERROR DistributedBundleReplicationManager - Unable to upload bundle to peer named server1 with uri=https://11.22.33.44:8089.

jbjerke_splunk
Splunk Employee
Splunk Employee

Try the newest version of the app (1.7) which limits the size of the lookup. I suspect this is issue has to do with the size of the lookup which is causing issues when sending out to the indexers in a distributed environment.

j

0 Karma

wallen2
New Member

I am also seeing the same issue with the 1.5 version of the app and Splunk enterprise 6.3. Bundle files filling up the volume on the search head this app is running on.

Any advice?

0 Karma

DavidHourani
Super Champion

any solutions ??

0 Karma
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

A few months ago, we released Splunk Enterprise Security 8.0 for our cloud customers. Today, we are excited to ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...