Hi Guys,
I'm trying to connect a standalone search head to only 1 indexer.
It's a simple setup, however I just not able to find any documentations on it.
I'm not sure if I'm doing it right, but I'm tried to add search peers but I got the following errors:
05-05-2017 10:30:02.232 +0200 WARN AdminHandler:DistributedSearchHandler - While attempting to add peer at uri=https://xxx.xxx.xxx.xxx:8089 , no http response was received with a Date header. Cannot check skew.
05-05-2017 10:30:02.232 +0200 INFO KeyManagerLocalhost - Sending public key to search peer: https://xxx.xxx.xxx.xxx:8089
05-05-2017 10:30:02.764 +0200 ERROR KeyManagerLocalhost - Error while sending public key to search peer: Connection reset by peer
Could anyone point me in the right directions?
Thank you.
sorry for repost, maybe that's a better place, same problem on my side with AWS:
@DEngineer
did you solve your problem, because I am trying to establish a similar set up and have the same problem? Help would be very much appreciated.
Hi Guys,
Thanks for the help.
I did some testing last night and I realized that might it might not be the configurations that is causing the problem.
Here my infrastructure setup:
Indexer is on AWS
Search head is a VM instance in my company.
Search head is able to telnet to index's IP via 8089. TCPdump on the indexer show the traffic too.
However the search head is not able to added the indexer as a search peer.
So I went ahead and create another Search head in AWS. This AWS search head have no problem adding the AWS indexer.
Not sure what is wrong with the Search head in my company.
The search peer is added via https://xxx.xxx.xxx.xxx:8089, using IP so I think DNS resolution is not an issue.
The Search head in my company is behind a firewall with NAT outgoing IP. The AWS indexer can only see the NAT IP of my company gateway.
Any configurations I need to do? 😞
Hey, did you solve your problem, because I am trying to establish a similar set up and have the same problem? Help would be very much appreciated.
Hi there @DEngineer
Execute this on your Search Head and restart.
./splunk add search-server https://<IP,FQDN>:8089 -auth admin:password -remoteUsername admin -remotePassword passremote
Where remote Username and Password are the Indexer credentials. Also, make sure that both servers have their ports open.
Hope it helps.
hello DEnginner,
follow this doc: https://docs.splunk.com/Documentation/Splunk/6.5.3/DistSearch/Whatisdistributedsearch
it will lead you to here: http://docs.splunk.com/Documentation/Splunk/6.5.3/DistSearch/Overviewofconfiguration
then to here: http://docs.splunk.com/Documentation/Splunk/6.5.3/DistSearch/Configuredistributedsearch
and will explain in detail how to add the indexer as a search peer to the search head via CLI GUI or conf files
hope it helps