Re: Why am I getting this dashboard error daily? "...

splunkdeploy · ‎03-24-2015

Hi,

I get this error daily in my Splunk dashboard.

Error: "Search peer xxxxidx01 has the following message: Splunk must be restarted for changes to take effect."

If i restart splunk, it will be fine, but I noticed I am getting this frequently. Hence, I decided to reboot my idx VM. Once the reboot is done, the error is gone, but I get bad luck after some time and the same error occurs.

What is the issue here? In which config file I can check regarding this?

Please suggest me one permanent solution for this.

Regards,
Unni TN

masonmorales · ‎03-24-2015

You could use the Splunk on Splunk app to look through ERRORs and WARNs in your Splunk environment to see if something is prompting a reboot. You may wish to contact Splunk Support to help diagnose the issue though.

splunksurekha · ‎04-09-2015

Hi,

checked under ERRORS and WARNs for that particular indexer and nothing is prompting for a reboot.
Is there a specific error which i can search for in splunkd.log or or some other log file.
Please give us some solution as we are facing this almost every day and not able to get rid of this error.

Thanks
Surekha

splunksurekha · ‎03-26-2015

Hi,

This is with regards to the request from Unni.

We have installed sos and looked through the errors and warns but couldn't find anything related to reboot or restart of the server.
Can you tell me what exact error i should look for.

Thanks
Surekha.

Why am I getting this dashboard error daily? "Search peer xxxxidx01 has the following message: Splunk must be restarted for changes to take effect."

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023