Hi, During ad hoc searches we are getting messages "unable to distribute to peer named splunk_index01 at url https://10.1.6.1:8089 because replication was unsuccessful replicationStatus in progress". And when this message displayed, the search results were incorrect. We were getting less events in search resutls than expected. Is there a way to avoid this error? The size of the replication was approximately but less than 300MB. And we had excluded the lookup tables in replication using the configuration below:
[replicationBlacklist] donotreplicate = .../*.csv
If all the machines are on a LAN, the best way to make replication faster is to disable splunkd SSL. I'd suggest checking what are the large files being replicated on the indexer in
Hi, we had already disabled SSL , but replication failed message still appeared as usual.
in server.conf (search head)
enableSplunkSSL = false
we had restarted splunk service after modified server.conf
The blacklist setting was added in 4.1.5. SSL must be disabled on the indexers. If on set on the search head, it will fall back to SSL in order to communicate with the indexers which are configured to speak only SSL.
thank Stephen, You remind me of Splunk 4.1.4 doesn't support Blacklist.
before we upgrade to 4.1.5 can we use "replicationWhitelist = .../*.conf" to avoid replicate *.csv files ?