Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

WHAT is this error "Search peer "sql01" has the following message: pass4SymmKey setting in the clustering or general stanza of server.conf is set to empty or the default value. You must change it to a different value."?

akhil4mdev
Explorer
‎06-19-2018 09:53 AM

Detail :

The search head i am working is called "BLADE"

A customer stack has :

2 IDX (sql01,sql02)in a cluster with a cluster master.(sqlMaster1)
A search head(SH1,SH2) cluster with a deployer .

SO FOR EASY ACCESS :
we again attached the 2 IDX (sql01,sql02) of customer stack as search peers to "BLADE" and also added the customer stacks cluster master(sqlMaster1) under "indexer clustering" in "BLADE".

so sql01 went down
under "BLADE" -->distributed search --> search peers

so i deleted it and added it

now i can see it is up and running

But i see this error on searchhead "BLADE"

Search peer "sql01" has the following message: pass4SymmKey setting in the clustering or general stanza of server.conf is set to empty or the default value. You must change it to a different value.

Tags (1)
0 Karma
Reply

darrenfuller
Contributor
‎06-19-2018 10:23 AM

Hi @akhil4mdev,

On BLADE, run the following: 

/opt/splunk/bin/splunk btool server list --debug | egrep "(\[(clustering|shclustering)\]|pass4SymmKey\s+\=)"

This will return something like the following: 

/opt/splunk/etc/apps/org_cluster_search_base/default/server.conf       [clustering]
/opt/splunk/etc/system/default/server.conf                             pass4SymmKey =
/opt/splunk/etc/apps/org_cluster_search_base/local/server.conf         pass4SymmKey = $1$t7/fkqNtX2XLT7JoAA==
/opt/splunk/etc/system/default/server.conf                             pass4SymmKey =
/opt/splunk/etc/system/default/server.conf                             [shclustering]
/opt/splunk/etc/system/default/server.conf                             pass4SymmKey =

Now, that error message is saying that one of either [clustering] or [shclustering] has not set a custom value. if you look at the example, i have a custom pass4SymmKey set on /opt/splunk/etc/apps/org_cluster_search_base/local/server.conf to set the value for [clustering], but for [shclustering], there is nothing other than the /etc/system/default value.... This one is the one that needs to be addressed.

The value for pass4SymmKey needs to match on all the hosts in a cluster as well as the deployer / cluster master.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

 Are you ready to revolutionize your IT operations? As digital transformation accelerates, the demand for ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...