Deployment Architecture

Unable to add search peer from search head using distributed search :no route to host or connection refused

New Member

Issue:Unable to add search peer from search head using distributed search :no route to host or connection refused error

we have 5 instance

search head license master
search head enterprise security
heavy forwader
deployment server

all vm instances are created , we are now adding search peers from search head license master and search head enterprise security, the search peer would be indexer.

here from search head LM we cannot do a telnet to indexer using 8089 port, but vice versa it is working.

also telnet from search head Enterprise security to search head LM is also connecting

but we are unable to do telnet to indexer on port 8089 from both SH LM and SH ES.

while trying to add new peer if we put htttps://ipaddress:8089 we get error no route to host

if we put https://hostnameofindexer:8089 and add peer we get error connection refused

splunk version:8.0
vmware esxi
os:centos 8

This issue is very critical as whole project is stuck now.

0 Karma

New Member

this issue is resolved it was a host name conflict

0 Karma

New Member

on my indexer if do netstat , it shows the port is used by SHLM i.e
it shows TCP connection established

i am getting the below errror while trying to add serch peer on SHLM andSHES

from SHLM i can ping and do telnet to indexer

from SHES also i can ping and do telnet to indexer

for remote user name and password , i am entering the admin username and password which i use to login to indexer web and which i created during the splunk installation , is this correct

error:Encountered the following error while trying to save: Peer with server name localhost.localdomain conflicts with this server's name.

disabling the firewall on indexer or Search heads ...please clarify...

tried disabling it on indexer no go...

please check this at priority as i am stuck now

0 Karma

Ultra Champion

Everything in your post suggests that this is either a networking issue, or for some reason Splunk is not accepting connections.
The difference between the results of your browsers tests is just an artifact of how your browser reports failures for IP vs DNS name.

  • On your indexers, run netstat to confirm that the ports are open on 8089.
  • Confirm your SH can ping/route to indexers
  • Confirm you have no harware/application firewalls keeping connections out. On centos 8, you can try disabling the Firewall temporarily systemctl stop firewalld to see if that resolves the issue - remember to restart it and add rules if it does!
If my comment helps, please give it a thumbs up!
Get Updates on the Splunk Community!

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...