Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Cannot find bundles for search peer

p_vitale
Explorer
‎03-11-2015 08:25 AM

Hi,

I'm deployed a single-site cluster with Master Node, Search Head and two Indexer.
The architecture works fine, but into the "splunkd.log" file of the both Indexer there is the following error:

ERROR SearchPeerBundlesSetup - Cannot find bundles for search peer: MASTENODE

where the MASTENODE is the hostname of the master node machine.

Which kind of problem could be it?
How I can eliminate it?

Into the Master Node UI "Indexer Clustering: Master Node"
1.the number of peers is correct,
2.the number of indexes is correct (and also the states)
3.but the number of Search Head is wrong, that is there are two instances of search head,
one is correct (the search head configured)
and the other one is the master node (why?)

The version of Splunk is 6.2.0

Thanks.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

p_vitale
Explorer
‎03-13-2015 02:51 AM

The problem was the configuration about Distribuited Search into the master node, it was disabled.
So if it is enabled, the indexers are happy about it and they don't give any error about "find bundles for search peer: MASTENODE".

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

p_vitale
Explorer
‎03-13-2015 02:51 AM

The problem was the configuration about Distribuited Search into the master node, it was disabled.
So if it is enabled, the indexers are happy about it and they don't give any error about "find bundles for search peer: MASTENODE".

0 Karma
Reply
Solved! Jump to solution

mhouse333
Loves-to-Learn Lots
‎09-28-2021 11:39 AM
@p_vitale wrote:

The problem was the configuration about Distribuited Search into the master node, it was disabled.
So if it is enabled, the indexers are happy about it and they don't give any error about "find bundles for search peer: MASTENODE".

Would you please provide specifics on what you changed in the distsearch.com?

0 Karma
Reply
Solved! Jump to solution

esix_splunk
Splunk Employee
Splunk Employee
‎03-12-2015 02:24 AM

Try removing your clustering configuration from the Search Heads, and then re-add them to the cluster. Additionally, check permissions on the search heads and that you have enough disk space.

0 Karma
Reply
Solved! Jump to solution

p_vitale
Explorer
‎03-12-2015 03:13 AM

I removed the single Search Head of the cluster from the architecture, and I re-added it into the cluster, but the error is still into the indexer's log.
The search head has enough disk space.
Which kind of permissions I have to check on the search head, in order to resolv this problem?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...