- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I have a simple setup, one searchhead and one indexer. Starting from the latest upgrade to 4.2.4 the size of bundle file on the searchhead is always zero and it is not being replicated to the indexer.
How could I fix this or how could I find the cause of the problem?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I solved the problem by creating a blacklist for the directory containing the symlink, the following post helped me a lot:
http://splunk-base.splunk.com/answers/36774/distributed-search-knowledge-bundle-regex
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I solved the problem by creating a blacklist for the directory containing the symlink, the following post helped me a lot:
http://splunk-base.splunk.com/answers/36774/distributed-search-knowledge-bundle-regex
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found the cause of the problem : a symbolic link in the /opt/splunk/etc/apps/applicationname/appserver/static folder. It was working in earlier versions (4.2.2) . Could it be a bug?
