Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why am I unable to apply search head cluster bundle?

martaBenedetti
Path Finder
‎01-24-2023 08:28 AM

Hi community,

I've just performed an upgrade on my infrastructure (distributed environment) from Splunk 8.2.3 to Splunk 9.0.3.

All the instances seem to work fine, I have problems though in applying search head cluster bundle.

I use this command to upgrade Splunk Enterprise Security:

 

$SPLUNK_HOME/bin/splunk apply shcluster-bundle -preserve-lookups true -target https://instance1:8089

 

 

But it doesn't work and I receive this message:

 

Error while deploying apps to first member, aborting apps deployment to all members: Error while updating app=SplunkEnterpriseSecuritySuite on target=https://instance1:8089: Error in JSON response: Unexpected EOF

 

 

Do you have any idea of what could be the problem?

 

Thank you

Marta

Labels (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎01-24-2023 10:07 AM

Hi @martaBenedetti,

I encountered a similar problem (not on ES) caused by too few disk space on the Deployer.

But anyway, immediately open a case to Splunk Support.

Ciao.

Giuseppe

 

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎01-24-2023 10:07 AM

Hi @martaBenedetti,

I encountered a similar problem (not on ES) caused by too few disk space on the Deployer.

But anyway, immediately open a case to Splunk Support.

Ciao.

Giuseppe

 

Reply
Solved! Jump to solution

kvm
Explorer
‎04-17-2023 06:50 PM

Hi @gcusello 

What was the root cause & solution? and which Splunk version were you using?

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎04-17-2023 11:52 PM

Hi @kvm,

it's always better to open a new question instead append it to an existing one, event if with the same topic because because less people should answer to your question.

Anyway, the root cause were two:

  • not enough disk space on the Deployer,
  • there were many large lookups.

So when the Deployer prepared the bundle to deploy it didn't have enough space.

You can solte this problem in three ways:

Ciao.

Giuseppe

Reply
Solved! Jump to solution

skrivis
Engager
‎05-10-2023 07:53 AM

I found that I was getting that same error about "Unexpected EOF," but there was plenty of disk space on the deployer and all cluster members.

I finally tried restarting splunk on all of the SH cluster members and after that I was able to successfully push the bundle.

Reply
Solved! Jump to solution

computermathguy
Explorer
‎08-28-2023 09:27 AM

We got the same error for all the members of the cluster.  When it occurred, we had to restart Splunk on each member. 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎05-11-2023 12:15 AM

Hi @skrivis,

if one answer solves your need, please accept one answer for the other people of Community or tell us how we can help you.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the Contributors;-)

0 Karma
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...