Deployment Architecture

unable to distribute to peer - unable to get auth token - READ TIMEOUT


We Just migrated two SH Vms to a new data center. Now we are having intermitten timeouts to where the search heads cannot distribute to peers and I am seeing this error message

WARN GetRemoteAuthToken - Unable to get auth token from peer: due to: Read Timeout; exceeded 60000 milliseconds

0 Karma

Splunk Employee
Splunk Employee

Hi @bycyates. Did you figure out how to solve this problem? If so, would you mind describing what you did as an answer so other users could learn from your work? Thanks!

0 Karma

Super Champion

I suspect as you have migrated two SH Vms to a new data center there may be a connectivity issue
This usually appears when the search head cannot authenticate with search peers in the distributed environment. Pls re-authenticate either using CLI or from the GUI within the search head : settings-> distributed search -> Search peers and ensure, its up and enabled.

0 Karma



This looks like authentication error. I think it is related to the distServerKeys being regenerated.
Also check the cluster pass4symmkey.

Let me know if this helps!!!

0 Karma
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? 🚀 We invite you to join our elite squad ...