Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

BIND IP Causing issues with RTSearch...

balbano
Contributor
‎07-06-2010 03:12 PM

We have done an interface binding (to IP: index1_IP) on one of our indexers.

This was done on one of the indexer (indexer1) as testing:

etc/splunk-launch.conf:

SPLUNK_BINDIP=index1_IP

etc/system/local/web.conf:

mgmtHostPort = index1_IP:8089

Afterward, we noticed an issue with the live-tail feature on both the search head and indexer:

search head:

[index1] Streamed search execute failed because: Error in 'RealTimeSearch': Failed to connect with url 'https://127.0.0.1:8089/services/streams/rtsearch' because of Encountered a connection error for host 127.0.0.1:8089\n..

from index1:

Failed to create result provider for remote peer 'index1' at uri '' with the stream 'rtlitsearch ( host=arg1* OR host=arg2* ) arg3 | fields keepcolorder=t * "*" "host" "index" "source" "sourcetype" "splunk_server"'.

It seems from the error displayed on the search head that it's not tailing the indexer by the correct IP.

Are we missing more parameter in some conf files in order to bind to the IP successfully?

Let me know if you guys need any further info.

Just FYI that we have an open support case for this but we have not heard back from Splunk Support so I am trying Splunk Answers since you guys are always fast and helpful.

Thanks.

Brian

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

balbano
Contributor
‎07-07-2010 04:36 PM

As a workaround until someone can shed some light on this, we have done the following:

  • Installed rinetd in order to do port forwarding from 127.0.0.1:8089--->index1_IP:8089...

This seems to have fixed the problem until we hear from anyone here or from the support engineers.

Brian

View solution in original post

0 Karma
Reply
Solved! Jump to solution

matt
Splunk Employee
Splunk Employee
‎07-07-2010 06:03 PM

The two functions (BINDIP and Real-time search) do not play well with each other. This is being tracked as SPL-32549 and we hope to have it addressed in an upcoming maintenance release

0 Karma
Reply
Solved! Jump to solution
Solution

balbano
Contributor
‎07-07-2010 04:36 PM

As a workaround until someone can shed some light on this, we have done the following:

  • Installed rinetd in order to do port forwarding from 127.0.0.1:8089--->index1_IP:8089...

This seems to have fixed the problem until we hear from anyone here or from the support engineers.

Brian

0 Karma
Reply
Solved! Jump to solution

Paolo_Prigione
Builder
‎07-07-2010 12:20 PM

Hi, have you tried this stanza configuration in the etc/system/local/server.conf file?

[httpServerListener:index1_IP:8089]
ssl = true
0 Karma
Reply
Solved! Jump to solution

balbano
Contributor
‎07-07-2010 03:05 PM

This did not resolve the issue.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...

Customer success is front and center at .conf25

Hi Splunkers, If you are not able to be at .conf25 in person, you can still learn about all the latest news ...

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...