Solved: Why is my windows cluster peer node continually re...

jdastmalchi_spl · ‎04-05-2013

I've set up a new windows cluster, but one of my nodes seems to be in a continual restart. When I looked in splunkd.log, I found the following messages near each restart:

    04-03-2013 08:43:37.608 +0200 INFO  CMSlave - successfully moved bundle from 'C:\Program Files\Splunk\var\run\splunk\cluster\remote-bundle\b080fa58dab1dff841b292814b7f6c5e-1364971417' to 'C:\Program Files\Splunk\etc\slave-apps'
04-03-2013 08:43:37.608 +0200 INFO  loader - Downloaded new bundle from the cluster master. Restarting splunkd...

I've noticed that the slave-apps folder, where the configuration is supposed to end up, is empty. Has anyone seen this, and if so, how can I resolve the problem?

jbsplunk · ‎04-05-2013

We've seen the splunk service account lose full permissions over the slave-apps directory on windows. Restoring those permissions stopped the restarting loop. The permissions showed "special" for the splunk service account and the Administrators group. Restoring the full permissions resolve the issue for us.

View solution in original post

jbsplunk · ‎04-05-2013

We've seen the splunk service account lose full permissions over the slave-apps directory on windows. Restoring those permissions stopped the restarting loop. The permissions showed "special" for the splunk service account and the Administrators group. Restoring the full permissions resolve the issue for us.

Why is my windows cluster peer node continually restarting?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms