Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to resolve error "Error pulling configurations from the search head cluster captain"?

mintughosh
Path Finder
‎04-28-2017 04:24 AM

I am getting the error "Error pulling configurations from the search head cluster captain; consider performing a destructive configuration resync on this search head cluster member"

I tried to run the following command 

# splunk resync shcluster-replicated-config

but i am getting the error "Cannot resync_destructive: this instance is the captain"

I then tried to perform the rolling restart among search head cluster, run the following command

# splunk rolling-restart shcluster-members

But still I am getting the error "Error pulling configurations from the search head cluster captain"
I also ran splunk resync shcluster-replicated-config after rolling-restart.
But still not fix. and I am getting above errors

Please suggest a fix

Reply
1 Solution
Solved! Jump to solution
Solution

mintughosh
Path Finder
‎04-28-2017 05:08 AM

I am not getting the error now. I followed the below given action -

  1. stop the splunk on captain.
  2. deleted the files and directories under splunk/var/run/ after taking backup
  3. started the splunk on the search head.
  4. ran the resync command.

I have performed the above action 1 hour from now. I have not received any error as of now.

View solution in original post

Reply
Solved! Jump to solution

ridwanahmed
Path Finder
‎02-25-2020 08:04 AM

Can someone please explain why this is an issue/ why deleting var/run is the best solution?

0 Karma
Reply
Solved! Jump to solution

ridwanahmed
Path Finder
‎02-25-2020 09:39 AM

Found much of this answer reading @lguinn 's comment on https://answers.splunk.com/answers/454262/how-do-i-fix-splunk-resync-shcluster-replicated-co.html

0 Karma
Reply
Solved! Jump to solution

joesrepsolc
Communicator
‎11-18-2019 09:22 AM

Jut ran into this issue today after a big maintenance window this past week with lots of changes. This worked GREAT. Thank you everyone for the contributions. Awesome stuff!

0 Karma
Reply
Solved! Jump to solution

bandit
Motivator
‎11-09-2018 12:15 PM

Running Splunk 7.1.1

the manual/destructive resync on the cluster member having the error corrected the issue for our cluster.

splunk resync shcluster-replicated-config
Reply
Solved! Jump to solution

ktwingstrom
Path Finder
‎05-02-2019 09:47 AM

This worked for me! Thanks!

0 Karma
Reply
Solved! Jump to solution

linhmai_bne
Path Finder
‎03-16-2020 10:35 PM

This worked for me. Tks

0 Karma
Reply
Solved! Jump to solution
Solution

mintughosh
Path Finder
‎04-28-2017 05:08 AM

I am not getting the error now. I followed the below given action -

  1. stop the splunk on captain.
  2. deleted the files and directories under splunk/var/run/ after taking backup
  3. started the splunk on the search head.
  4. ran the resync command.

I have performed the above action 1 hour from now. I have not received any error as of now.

Reply
Solved! Jump to solution

mcazacu
Engager
‎10-20-2020 07:06 AM

Works on one of the members as well. I had a replication issue with one of the members, did the steps outlined here (on the member, not the captain) and it fixed it! 

Thanks! @mintughosh ! 🙂

0 Karma
Reply
Solved! Jump to solution

dineshraj9
Builder
‎04-28-2017 05:01 AM

Try transferring captain to another node and then perform resync.

https://docs.splunk.com/Documentation/Splunk/6.5.3/DistSearch/Transfercaptain#Change_the_captain

If this doesn't work, then restart the captain node and check.

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Thanks for the Memories! Splunk University, .conf25, and our Community

Thank you to everyone in the Splunk Community who joined us for .conf25, which kicked off with our iconic ...