Hello,
I am trying to add another search peer to my search head, through the Settings > Distributed Search menu. I do not have a username or password to connect to the search peer I want to add however, as I connect to it using putty and a ppk file.
A week ago I was somehow able to add my first search peer, which has the same issue above(ppk file only for logging in), but I can't remember how I did it. Any ideas how I might have done it?
thank you
Hi RecoMark0,
If you're talking about OS level username and/or password then the answers would be: It depends on how to add a search peer.
If your using the UI; all you need is a Splunk user with admin role and its password and you are able to add a search peer using the method described in the docs here http://docs.splunk.com/Documentation/Splunk/6.2.3/DistSearch/Configuredistributedsearch#Use_Splunk_W...
You would need an OS level user if your adding the search head via CLI commands to exchange the Splunk keys like described here http://docs.splunk.com/Documentation/Splunk/6.2.3/DistSearch/Configuredistributedsearch#Use_the_CLI
Hope this helps ...
cheers, MuS
Hi RecoMark0,
If you're talking about OS level username and/or password then the answers would be: It depends on how to add a search peer.
If your using the UI; all you need is a Splunk user with admin role and its password and you are able to add a search peer using the method described in the docs here http://docs.splunk.com/Documentation/Splunk/6.2.3/DistSearch/Configuredistributedsearch#Use_Splunk_W...
You would need an OS level user if your adding the search head via CLI commands to exchange the Splunk keys like described here http://docs.splunk.com/Documentation/Splunk/6.2.3/DistSearch/Configuredistributedsearch#Use_the_CLI
Hope this helps ...
cheers, MuS
This worked for me! The UI did not work for me earlier because the value for sslKeysfilePassword in server.conf was wrong, so I just commented it out since we use the default ssl from splunk. Thanks MuS!
Thank you for the response. I attempted to add using the UI again, and I get the following error:
Encountered the following error while trying to save: Splunkd daemon is not responding: ('Error connecting to /servicesNS/admin/system/search/distributed/peers: The read operation timed out',)
Is this related, or is this a different issue?
That's something different, looks like your not either of your splunkd (search head or the search peer) is down 😞 Or maybe there is a connection problem and your not able to connect to the search peers 8089 TCP port.