Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Error trying to push app from deployer

gwobben
Communicator
‎11-06-2015 12:08 AM

I'm getting this error when I try to push an app to my search head cluster:
Error when getting master uri from target to do a rolling-restart Service Unavailable

I've used the command:
sudo ./splunk apply shcluster-bundle -target https://[SOME SEARCH HEAD]:8089 -auth admin:'[THE PASSWORD]'

It stopped working since we've fixed the IP addresses of the Splunk nodes. Anyone an idea how to fix/debug this?

Reply
1 Solution
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎11-06-2015 01:46 AM

You need to correct anything wrong with your SHC first.

Run this command from your search head(s) and let us know the output:

 splunk show shcluster-status -auth <username>:<password>

Also it is best practice to create your own splunk user & group, and run splunk as that user.

#If splunk is running as sudo or root, stop it first.
groupadd splunk
useradd splunk -g splunk
chown -Rf splunk. /opt/splunk  #or wherever you have splunk installed

You'll probably have to fix/rebuild the SHC using some of these commands from each search head:

 splunk init shcluster-config -auth <username>:<password> -mgmt_uri <URI>:<management_port> -replication_port <replication_port> -replication_factor <n> -conf_deploy_fetch_url <URL>:<management_port> -secret <security_key>

 splunk restart

http://docs.splunk.com/Documentation/Splunk/6.2.0/DistSearch/ViewSHCstatus
http://docs.splunk.com/Documentation/Splunk/6.2.0/DistSearch/SHCdeploymentoverview

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎11-06-2015 01:46 AM

You need to correct anything wrong with your SHC first.

Run this command from your search head(s) and let us know the output:

 splunk show shcluster-status -auth <username>:<password>

Also it is best practice to create your own splunk user & group, and run splunk as that user.

#If splunk is running as sudo or root, stop it first.
groupadd splunk
useradd splunk -g splunk
chown -Rf splunk. /opt/splunk  #or wherever you have splunk installed

You'll probably have to fix/rebuild the SHC using some of these commands from each search head:

 splunk init shcluster-config -auth <username>:<password> -mgmt_uri <URI>:<management_port> -replication_port <replication_port> -replication_factor <n> -conf_deploy_fetch_url <URL>:<management_port> -secret <security_key>

 splunk restart

http://docs.splunk.com/Documentation/Splunk/6.2.0/DistSearch/ViewSHCstatus
http://docs.splunk.com/Documentation/Splunk/6.2.0/DistSearch/SHCdeploymentoverview

0 Karma
Reply
Solved! Jump to solution

gwobben
Communicator
‎11-06-2015 06:18 AM

We've rebuild the SHC (splunk init shcluster-config ... ) and started the election for captain again. Then things started working again. Thanks guys!

0 Karma
Reply
Solved! Jump to solution

jeffland
SplunkTrust
SplunkTrust
‎11-06-2015 01:35 AM

I don't know if this causes your problem, but generally, I'd advise against sudoing splunk. It causes all kind of undesired behavior with folder/file ownership and permissions if some splunk actions are performed as a different user.

0 Karma
Reply
Get Updates on the Splunk Community!

What's New in Splunk Observability - October 2025

What’s New?  We’re excited to announce the latest enhancements to Splunk Observability Cloud and share what’s ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

&#x1f5e3; You Spoke, We Listened Audit Trail v2 wasn’t written in isolation—it was shaped by your voices. In ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...