Re: Search head is not communicating with its peer...

ashishlal82 · ‎01-12-2018

Error [00000080] Instance name "XXX.XXX.XXX.XXX:8089" REST interface to peer is taking longer than 5 seconds to respond on https. Peer may be over subscribed or misconfigured. Check var/log/splunk/splunkd_access.log on the peer Last Connect Time:2018-01-12T09:46:13.000-05:00; Failed 10 out of 10 times.

nickhills · ‎01-12-2018

Assuming no Splunk config changes, could your indexer be bogged down with something else?
From the searchhead try:
curl -k -u admin:changeme https://your_missing_indexer:8089/services/server/info

If you get no response, check the normal things, such as "is splunk actually running", server load, network etc etc

Aldo take a look for errors in /opt/splunk/var/log/splunk/splunkd.log?

If my comment helps, please give it a thumbs up!

mayurr98 · ‎01-12-2018

have a look at this
https://answers.splunk.com/answers/451570/why-does-my-indexer-stop-responding-to-search-head.html

Let me know if this helps you!

ashishlal82 · ‎01-12-2018

I don't think that is the issue. I have 2 indexers. One of the indexer is working fine and is connected to search head but the other is not.

Amulya888 · ‎10-09-2018

I have the similar issue.
Please give us the solution for this.

dmjenso · ‎01-18-2019

I had this issue and I had to distribute the public SSL key from the search head to the peer (indexer).

Settings > Distributed Search > Search Peers >

click on the peer in question and enter the admin/password

Search head is not communicating with its peer(Indexer)

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES

Are you a member of the Splunk Community?

Search head is not communicating with its peer(Indexer)

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES