Deployment Architecture

Encountered the following error while trying to save: In handler 'distsearch-peer': Status 401 while sending public key to search peer https://indexer:8089: Unauthorized

shariinPH
Contributor

HI,

I am getting a problem with regards with adding search peer in my search head
I'm getting this error

Encountered the following error while trying to save: In handler 'distsearch-peer': Status 401 while sending public key to search peer https://indexer:8089: Unauthorized

does anyone know why i am getting this error?

Cheers!

0 Karma
1 Solution

esix_splunk
Splunk Employee
Splunk Employee

It seems in your distributed environment, the user that you have configured distributed search with on the peer indexer has either been deleted or perhaps the password has changed.
Try to login to the indexer with your distributed search user and see if its successful. You can delete the search peer and re-add it in the Distributed Search configuration also.

View solution in original post

esix_splunk
Splunk Employee
Splunk Employee

It seems in your distributed environment, the user that you have configured distributed search with on the peer indexer has either been deleted or perhaps the password has changed.
Try to login to the indexer with your distributed search user and see if its successful. You can delete the search peer and re-add it in the Distributed Search configuration also.

lakshman237
Path Finder

Pls check if the connectivity from search head to indexer works [ by ping or telnet ip mgmt. port]. If there is a connectivity/network issue, we still get the same error. [ I assume you are entering correct admin password when configuring them]

0 Karma

shariinPH
Contributor

hi esix_splunk, thanks for your answer but still its not working.. Status is still authentication failed.

0 Karma

esix_splunk
Splunk Employee
Splunk Employee

Did you delete the search peer, and then recreate?

Also, have you validated that the user and password is valid on the indexer host?

shariinPH
Contributor

Hi esix_splunk, we've figured it out.
The management port was changed.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...