Deployment Architecture

Splunk Health Check warnings

Loves-to-Learn

alt textHi All,

I'm receiving Distributed search health assessment warning while performing the Health Check in Splunk 6.6.8
Mine is a multi-clustered environment with totally 5 search heads and cluster master which is also identified as a search head by Splunk. I'm receiving the warning for cluster master.

For more information about the warning message, please see the attached images.

Could anyone please help me on why I'm receiving this warning message and what actions I should take to resolve this issue?]1

Thank You!

0 Karma

SplunkTrust
SplunkTrust

Hi @harimadambi,

Distributed search health assessment warning is linked to : Search Peer Not Responding. It checks the status of the search peers (indexers) of each search head.

It could be that one of your indexers is unreachable for one of the search heads. Or was down during this health check. Check the _internal logs for that search head to see any connection failure to the indexers. In your case it's very possible that your CM is defined as a search head but is unable to reach all search peers that are configured on it.

Cheers,
David

0 Karma

We have issues same you. if you solving problems please help me. Thank you

0 Karma

SplunkTrust
SplunkTrust

It's saying your cluster master has one search peer (indexer) in a degraded state. Have you tried the Suggested Action?

---
If this reply helps you, an upvote would be appreciated.
0 Karma

Loves-to-Learn

@richgalloway Thank you for your input. It seems all my search peers are up and in healthy state. I'll check further on this.

0 Karma