Re: After upgrading my indexer and search head to ...

dominick_catald · ‎09-30-2015

I just updated my Splunk indexer and search head to version 6.3, and now I keep getting this error:

Search peer has the following message: msg="A script exited abnormally" input="C:\Program Files\Splunk\bin\splunk-powershell.exe" stanza="default" status="exited with code 1"

Any idea?

I have 1 index and 1 search head on a Windows 2008 R2 box.

ronogle · ‎11-03-2015

Seems to be a bug. SOLNESS-7880 has been submitted.

I was told to do the following to suppress the errors:

You will have to restart the instance.

jaffaradmin · ‎11-23-2015

Any updates on this bug? Have issue even after adding the above mentioned inputs.

salbro · ‎11-24-2015

I had a ticket open with support. They instructed me to disable the message flow either by doing the above, or doing the equivalent from the web UI. It is a known bug, as also mentioned here.

In my case, the messages were not due to any real error on my end. Something in one of the scripts was tripping up the message because the result output was 1, and therefore triggered the message warning. If you are worried about whats actually going on with your particular system, have a look in your splunkd.log file, its how we were able to determine when and why.

TL;DR look at your logs and do the above stated suppression for the executable. It will be addressed in a future update.

hazclan13 · ‎12-03-2015

Just got this ourselves on an ES deployment. Will use the workaround for now. Thanks for posting!

dominick_catald · ‎11-04-2015

I have a case open with splunk and they said to do the same thing. ES is doing a check of all the scripted inputs - and it's not running that one correctly for some reason.

I am afraid if I suppress this alert its going to come back and hurt me in the future.

saurabh_tek · ‎11-03-2015

Hello Splunkers - i am getting the same error message. Please suggest something if you have faced and resolved this issue before.

salbro · ‎10-27-2015

I also have this issue after upgrading from 6.2.4. I have a couple more machines running Enterprise, but I'm getting two messages.. one for splunk-powershell.exe and another with argument --ps2. Both have the same stanza and status message as OP.

ronogle · ‎10-10-2015

I have the same issues after upgrading to 6.3 on Windows. Although, I don't get the "Search peer" condition.

configuration_check.log:2015-10-10 15:00:03,690 ERROR pid=14712 tid=MainThread file=configuration_check.py:run:160 | status="completed" task="confcheck_script_errors" message="msg="A script exited abnormally" input="D:\Program Files\Splunk\bin\splunk-powershell.exe" stanza="default" status="exited with code 1""
configuration_check.log:2015-10-10 15:00:03,767 ERROR pid=14712 tid=MainThread file=configuration_check.py:run:160 | status="completed" task="confcheck_script_errors" message="msg="A script exited abnormally" input="D:\Program Files\Splunk\bin\splunk-powershell.exe --ps2" stanza="default" status="exited with code 1""

After upgrading my indexer and search head to Splunk 6.3, why is the search peer reporting a Powershell script exited abnormally

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!