Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Getting Data In
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Trying to add an indexer on AWS, how to resolve er...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Trying to add an indexer on AWS, how to resolve error "Master is down! Make sure pass4SymmKey is matching if master is running."?
wangsimingxaxis
Explorer
06-27-2016
08:09 AM
I created a Splunk environment on AWS by using Splunk AMI.
1 master
2 search heads
3 indexers
They are in the same subnet and all ports are opened.
When I configure an indexer, I get below errors which tell me this indexer cannot connect to master
06-27-2016 14:29:49.849 +0000 WARN CMMasterProxy - Master is down! Make sure pass4SymmKey is matching if master is running.
06-27-2016 14:29:49.849 +0000 WARN CMSlave - Failed to register with cluster master reason: failed method=POST path=/services/cluster/master/peers/?output_mode=json master=xxx.xx.xx.xxx:8089 rv=0 actual_response_code=500 expected_response_code=201 status_line="Internal Server Error" socket_error="No error" [ event=addPeer status=retrying AddPeerRequest: { _id= active_bundle_id=C6371A0987CB1E656564B016E2208682 add_type=Initial-Add base_generation_id=0 latest_bundle_id=C6371A0987CB1E656564B016E2208682 mgmt_port=8089 name=36DF02F3-F116-4DFC-B667-A005D906C244 register_forwarder_address= register_replication_address= register_search_address= replication_port=8080 replication_use_ssl=0 replications= server_name=ip-172-31-10-189 site=default splunk_version=6.4.0 splunkd_build_number=f2c836328108 status=Up } ].
06-27-2016 14:39:41.631 +0000 WARN AuditTrailManager - skipped indexing of internal audit event will keep dropping events until indexer congestion is remedied. Check disk space and other issues that may cause indexer to block
Any advice?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ryanoconnor
Builder
06-27-2016
10:37 AM
The first error is probably the first thing to check. Do you if pass4SymmKey is the same on all of your cluster members?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
wangsimingxaxis
Explorer
06-27-2016
11:37 AM
And I think if the security key does not match, it will not allow me to go to next step to reboot splunk console.
Because when I try to put a different security key , it rejected me to go to next and give error on the screen .
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
wangsimingxaxis
Explorer
06-27-2016
11:12 AM
yes, it is I already use the same key to add Search head already without any issues
Get Updates on the Splunk Community!
Enterprise Security Content Update (ESCU) | New Releases
In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...
Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?
(This is the first of a series of 2 blogs).
Splunk Enterprise Security is a fantastic tool that offers robust ...
Index This | What are the 12 Days of Splunk-mas?
December 2024 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with another ...
