I am just starting use of Splunk Enterprise using AWS EC2. I Have 1 Search Head running on a Windows AMI, 1 Master Indexer running on a Debian AMI, and 20 Peer Indexers also running on Debian instances. All of these components are using ver 6.2.2. From the AWS side all of these instances are in the same VPC and subnet. All of the instances also use the same EC2 Security group with the following rule-set:
RDP TCP 3389 184.108.40.206/32
Custom TCP Rule TCP 514 0.0.0.0/0
SSH TCP 22 220.127.116.11/32
Custom TCP Rule TCP 8191 0.0.0.0/0
Custom TCP Rule TCP 8089 0.0.0.0/0
Custom UDP Rule UDP 514 0.0.0.0/0
Custom TCP Rule TCP 8000 0.0.0.0/0
Custom TCP Rule TCP 5900 - 5909 18.104.22.168/32
Custom TCP Rule TCP 9997 0.0.0.0/0
Custom TCP Rule TCP 5800 22.214.171.124/32
I configured the Master with no problem (not surprising) but when attempting to configure the first peer using the private IP of the master, port 8089 for the master port, port 8191 for the replicator port, and the password seed for the symm key, I get a failure message that the peer cannot connect with the master either because the master_uri or the secret key is wrong or invalid.
Don't know if this specific issue has been addressed previously - didn't find any specific prior references to it (but maybe I didn't look hard enough - lol).
Thanks for any insights into what might be going on here.