Deployment Architecture

Connecting a standalone search head to only 1 indexer

DEngineer1
New Member

Hi Guys,

I'm trying to connect a standalone search head to only 1 indexer.
It's a simple setup, however I just not able to find any documentations on it.

I'm not sure if I'm doing it right, but I'm tried to add search peers but I got the following errors:

05-05-2017 10:30:02.232 +0200 WARN AdminHandler:DistributedSearchHandler - While attempting to add peer at uri=https://xxx.xxx.xxx.xxx:8089 , no http response was received with a Date header. Cannot check skew.

05-05-2017 10:30:02.232 +0200 INFO KeyManagerLocalhost - Sending public key to search peer: https://xxx.xxx.xxx.xxx:8089

05-05-2017 10:30:02.764 +0200 ERROR KeyManagerLocalhost - Error while sending public key to search peer: Connection reset by peer

Could anyone point me in the right directions?

Thank you.

Tags (1)
0 Karma

ChrisLH
Explorer

sorry for repost, maybe that's a better place, same problem on my side with AWS:
@DEngineer
did you solve your problem, because I am trying to establish a similar set up and have the same problem? Help would be very much appreciated.

0 Karma

DEngineer1
New Member

Hi Guys,

Thanks for the help.

I did some testing last night and I realized that might it might not be the configurations that is causing the problem.

Here my infrastructure setup:

Indexer is on AWS
Search head is a VM instance in my company.

Search head is able to telnet to index's IP via 8089. TCPdump on the indexer show the traffic too.
However the search head is not able to added the indexer as a search peer.

So I went ahead and create another Search head in AWS. This AWS search head have no problem adding the AWS indexer.

Not sure what is wrong with the Search head in my company.
The search peer is added via https://xxx.xxx.xxx.xxx:8089, using IP so I think DNS resolution is not an issue.
The Search head in my company is behind a firewall with NAT outgoing IP. The AWS indexer can only see the NAT IP of my company gateway.

Any configurations I need to do? 😞

0 Karma

ChrisLH
Explorer

Hey, did you solve your problem, because I am trying to establish a similar set up and have the same problem? Help would be very much appreciated.

0 Karma

alemarzu
Motivator

Hi there @DEngineer

Execute this on your Search Head and restart.

./splunk add search-server https://<IP,FQDN>:8089 -auth admin:password -remoteUsername admin -remotePassword passremote

Where remote Username and Password are the Indexer credentials. Also, make sure that both servers have their ports open.

Hope it helps.

0 Karma

adonio
Ultra Champion

hello DEnginner,

follow this doc: https://docs.splunk.com/Documentation/Splunk/6.5.3/DistSearch/Whatisdistributedsearch
it will lead you to here: http://docs.splunk.com/Documentation/Splunk/6.5.3/DistSearch/Overviewofconfiguration
then to here: http://docs.splunk.com/Documentation/Splunk/6.5.3/DistSearch/Configuredistributedsearch
and will explain in detail how to add the indexer as a search peer to the search head via CLI GUI or conf files
hope it helps

0 Karma
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...