Solved: Failed to create a bundles setup with server name ...

xisura · ‎10-01-2017

Hi ,

Im trying to connect the sh cluster to indexer cluster,Im using Splunk Version 7. All the status are ok.
But everytime i will query a search this error shows up

[idx1] [idx2] [idx3] Failed to create a bundles setup with server name 'GUID'. Using peer's local bundles to execute the search, results might not be correct

in splunkd.log it shows

10-01-2017 22:01:43.115 +0800 WARN ISplunkDispatch - Gave up waiting for the captain to establish a common bundle version across all search peers; using most recent bundles on all peers instead

Please enlighten me

Thanks in Advance

xisura · ‎10-01-2017

This error will show up if one of the sh cluster member doesn't have the same no. of search peers

View solution in original post

xisura · ‎10-01-2017

This error will show up if one of the sh cluster member doesn't have the same no. of search peers

bandit · ‎06-16-2018

Thanks for the solution @xisura. In verion 7.0.x the feature to replicate the search peers config to other members of the search cluster didn't work for me so I had to use a script/command line on each search cluster member to add all peers.

# when scripted from a remote host
ssh -n [SEARCH_HEAD] "/opt/splunk/bin/splunk add search-server https://[SEARCH_PEER]:8089 -auth [LOCAL_ADMIN_ACCOUNT]:[LOCAL_ADMIN_PASS] -remoteUsername [REMOTE_USER] -remotePassword [REMOTE_PASS]"

OR

# locally 
/opt/splunk/bin/splunk add search-server https://[SEARCH_PEER]:8089 -auth [LOCAL_ADMIN_ACCOUNT]:[LOCAL_ADMIN_PASS] -remoteUsername [REMOTE_USER] -remotePassword [REMOTE_PASS]

Failed to create a bundles setup with server name 'GUID'.

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life