Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why am I getting the following "send failure" message in my internal logs: "pushing PK to search peer" ?

jelizabeth
New Member
‎09-12-2018 06:23 AM

Here is the complete warning message: 

Send failure while pushing PK to search peer = https://*.*.*.*:8089 , Read Timeout

I'm getting the above warning messages in the internal Splunk logs every minute from each of our 3 search heads.

The search peer in question is in our secondary site (let's say B) to the search heads (site A), but there are two other search peers in the same site (B) which we don't get any warning messages for.

I've done a ping and netcat from each of the search heads in site A to each of the three search peers in Site B and the results are the same for each one, connection established and similar ping times.

It's not a connection issue, so i'm wondering what else could be causing it?

0 Karma
Reply

harsmarvania57
Ultra Champion
‎09-12-2018 07:50 AM

It looks like you have some network issues between site A and site B (Maybe high latency). Same problem faced by other user previously and for them it was network issue. (reference : https://answers.splunk.com/answers/455635/why-is-my-search-head-cluster-not-working-after-up-1.html)

0 Karma
Reply

jelizabeth
New Member
‎09-13-2018 12:32 AM

As previously stated we don't believe it's a network issue as all tests between instances show no latency. we are looking for an alternative reason as to what could be causing the issue.

0 Karma
Reply

harsmarvania57
Ultra Champion
‎09-13-2018 03:54 AM

In that case you can directly distribute key files using process given here in Splunk Docs and after that check again whether splunk on Search Head in Site 1 is still complaining. If yes then I'll suggest to raise case with splunk support.

0 Karma
Reply

jelizabeth
New Member
‎09-13-2018 06:26 AM

thanks I'll give that a go

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...