Deployment Architecture
Highlighted

StreamedSearch - Failed to create a bundles setup with server name

Explorer

I'm seeing this error message on the indexer frequently.
04-12-2013 19:05:53.085 +0000ERROR StreamedSearch - Failed to create a bundles setup with server name ''. Using peer's local bundles to execute the search, results might not be correct
and
04-12-2013 19:05:53.084 +0000 WARN StreamedSearch - Could not find bundles for search head provided checksum=5336122915231021645. Using latest bundles.

on the search head, I frequently see this error:
04-12-2013 19:58:11.004 +0000 ERROR ProcessDispatchedSearch - PROCESS_SEARCH - Error opening "": No such file or directory

When this happen, search head returns:
Search results may be incomplete, peer 's search ended prematurely. This may be caused by a variety of reasons, please consult logs on peer for details!

and no result is given. THe search head is a part of search head pooling. Anybody has seen this error before?

Highlighted

Re: StreamedSearch - Failed to create a bundles setup with server name

Path Finder

I have the same exact problem. If someone answers or you figure it out would you let me know?

0 Karma
Highlighted

Re: StreamedSearch - Failed to create a bundles setup with server name

SplunkTrust
SplunkTrust

I just started seeing these messages today. We are running 4.3 in a distributed environment.

Highlighted

Re: StreamedSearch - Failed to create a bundles setup with server name

SplunkTrust
SplunkTrust

I found the answer to my problem. A system administrator had mounted another NFS file system over the top of the shared data filesystem. This happened on two of our indexers, so access to the data under that mount point was being hidden.

Highlighted

Re: StreamedSearch - Failed to create a bundles setup with server name

Explorer

Did you ever get this one resolved? Observing similar behavior on our 5.0.4 installation.

0 Karma
Highlighted

Re: StreamedSearch - Failed to create a bundles setup with server name

Explorer

For StreamedSearch error, time sync between our NFS server and the search head seems to be the issue. Once we turned on ntpd on all of them, I no longer see this issue. For some reason, the internal logs indicated that the full bundles is keep being sent over to the indexers instead (should be incremental).

For ProcessDispatchedSearch, I was told that it's a bug that has already been fixed on the later version. If I recall correctly, it has something to do with zipping and unzipping bug.

0 Karma