Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

replication error messages

alextsui
Path Finder
‎12-29-2010 01:37 AM

Hi, During ad hoc searches we are getting messages "unable to distribute to peer named splunk_index01 at url https://10.1.6.1:8089 because replication was unsuccessful replicationStatus in progress". And when this message displayed, the search results were incorrect. We were getting less events in search resutls than expected. Is there a way to avoid this error? The size of the replication was approximately but less than 300MB. And we had excluded the lookup tables in replication using the configuration below:

[replicationBlacklist] donotreplicate = .../*.csv

Thanks.

Tags (1)
Reply

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎12-29-2010 05:00 PM

If all the machines are on a LAN, the best way to make replication faster is to disable splunkd SSL. I'd suggest checking what are the large files being replicated on the indexer in $SPLUNK_HOME/var/run/searchpeers/<indexer>/<newest subdir>.

Reply

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎01-07-2011 12:04 AM

The replicationWhitelists act as a union, so you'd have to remove the other ones.

0 Karma
Reply

dmlee
Communicator
‎01-05-2011 11:48 PM

thank Stephen, You remind me of Splunk 4.1.4 doesn't support Blacklist.
before we upgrade to 4.1.5 can we use "replicationWhitelist = .../*.conf" to avoid replicate *.csv files ?

0 Karma
Reply

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎01-05-2011 06:26 PM

The blacklist setting was added in 4.1.5. SSL must be disabled on the indexers. If on set on the search head, it will fall back to SSL in order to communicate with the indexers which are configured to speak only SSL.

0 Karma
Reply

dmlee
Communicator
‎01-05-2011 11:40 AM

BTW, I had already set
[replicationBlacklist] donotreplicate = .../*.csv
but all *.csv files are still been replicated
we use Splunk 4.1.4.

0 Karma
Reply

dmlee
Communicator
‎01-05-2011 11:31 AM

Hi, we had already disabled SSL , but replication failed message still appeared as usual.

in server.conf (search head)
[sslConfig]
enableSplunkSSL = false

we had restarted splunk service after modified server.conf

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...