Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Timeout on configuring Distributed Search

robtheorg
New Member
‎07-25-2012 03:31 PM

I am setting up Distributed Search for the first time. When I enter the Peer and Authentication information, I get the red error msg;

Encountered the following error while trying to save: In handler 'distsearch-peer': Error while sending public key to search peer https://splunk11:8089: Connect timed out.

Splunk is running on the peer, but when I try to manually telnet to 8089, the connection is immediately refused. When I do a netstat -an on the box, it is not showing anything listening on 8089.

0 Karma
Reply

splunker12er
Motivator
‎12-04-2015 03:52 PM

Troubleshooting Steps:

1.Login to Splunk indexer & Splunk search head (ssh)
2.From indexer : Check splunk service is running : $SPLUNK_HOME/bin/splunk status

Possible Error:
splunkd xxxx was not running.
Stopping splunk helpers...
couldn't send SIGTERM to pid xxxx: Operation not permitted
Couldn't send SIGTERM to some splunk helpers.              [FAILED]
Error: Unable to stop splunk helpers.

  1. From indexer : Goto >> $SPLUNK_HOME/var/run/splunk/

    rm splunkd.pid
    $SPLUNK_HOME/bin/splunk status
    $SPLUNK_HOME/bin/splunk start

  2. It should work.

OR
Possibly Firewall issues:

From indexer :

telnet localhost 8089

Check 8089 port is listening

From search head:

telnet splunk-indexer 8089

check u can able to reach 8089 port of indexer
You should have allowed in firewall rules.

0 Karma
Reply

ldgrube
Engager
‎02-17-2014 09:27 AM

I noticed on mine that the new search head was listening on 8089 but the older indexer was listening on 8090 (just FYI)

0 Karma
Reply

hjwang
Contributor
‎07-25-2012 08:26 PM

remote peer not listening on 8089? sounds wired, restart it and check if splunkd 8089 is opened

0 Karma
Reply

robtheorg
New Member
‎07-26-2012 12:18 PM

Splunk was configured to listen on a different/non-standard port. Once I solved that, I was able to get the Instances talking to each other.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...