I have two Linux VMs running on my Windows 7 box. I'm trying to configure one as a search peer and one as the search head. Inside their Linux environments, each box can ping the other on a VM internal network.
On the search head, I am trying to add a new search peer.
For the "Peer" field, I've typed in the search peer's IP address, with ":8089" appended.
For "Authentication" I've tried both an admin account on the search peer, as well as the Splunk admin account credentials for the search peer.
No matter what I try, I get the error in the question above. Any help would be appreciated.
It sounds like you have connectivity between hosts, but you might want to check that you can initiate a TCP connection between the two. No route to host implies that your search head doesn't know how to reach your search peer on the network. On the search head are you able to connect to the remote port of the indexer?
telnet <indexer ip> 8089
or
nc -v <indexer ip> 8089
If the connection fails, you have a problem with connectivity between the VMs and you might need to disable firewalling or make some adjustments to the network config for your VMs/Host.
If the connection works, then your problem is higher up the stack. Does each VM have a local hostname? When you add the peer by IP, it may be responding back with its hostname, and the search head may try and connect to that (or vice-versa). Try creating entries in the /etc/hosts file on each server so that the VMs are resolvable by name.
Also, it doesn't sound like the right error, but make sure you reset the default admin password on each splunk instance. Otherwise remote connectivity to the API port (8089) using admin is disabled.
It sounds like you have connectivity between hosts, but you might want to check that you can initiate a TCP connection between the two. No route to host implies that your search head doesn't know how to reach your search peer on the network. On the search head are you able to connect to the remote port of the indexer?
telnet <indexer ip> 8089
or
nc -v <indexer ip> 8089
If the connection fails, you have a problem with connectivity between the VMs and you might need to disable firewalling or make some adjustments to the network config for your VMs/Host.
If the connection works, then your problem is higher up the stack. Does each VM have a local hostname? When you add the peer by IP, it may be responding back with its hostname, and the search head may try and connect to that (or vice-versa). Try creating entries in the /etc/hosts file on each server so that the VMs are resolvable by name.
Also, it doesn't sound like the right error, but make sure you reset the default admin password on each splunk instance. Otherwise remote connectivity to the API port (8089) using admin is disabled.
I tried telnet and it failed. This made me realize that I hadn't opened port 8089. I did that, and I can now add the search peer. Thank you for the assistance.