Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

When trying to set up a distributed system, can you help me with the following error?: "Unable to distribute to peer, peer has status=2"

xindeNokia
Path Finder
‎10-23-2018 09:01 AM

distributed system. splunk 7.1.2
one SH + one indexer

In the SH splunkd log:

DistributedPeerManager - Distributed: Unable to distribute to peer ..... using the uri-scheme=https because peer has status=2. Please verify uri-scheme, connectivity to the search peer, that the search peer is up, and an adequate level of system resources are available. See the Troubleshooting Manual for more information.

and it causes search failure.

what does status=2 mean? what might be happening here?

Any help is appreciated!

Reply

bgronvall_splun
Splunk Employee
Splunk Employee
‎05-07-2019 12:49 PM

status=2 is evaluated as "Unstable" and can only be triggered by the following two conditions.

  1. There is a time skew between the SH and Search Peer.
  2. The indexer is oversubscribed and rate at which it returns results is inconsistent with the other search peers.
0 Karma
Reply

xindeNokia
Path Finder
‎11-02-2018 08:31 AM

Just want to posted how we solved this issue in case other ppl see this issue as well - still on-going but less frequent

we suspect this is due to workload on indexer is too heavy. we dont have heavy forwarder in btw.
after we fixed couple of parsing issues on indexer. connection issue gets better.

0 Karma
Reply

woodcock
Esteemed Legend
‎05-07-2019 05:05 PM

Please do click Accept on your answer.

0 Karma
Reply

cybermonday
Explorer
‎07-30-2019 08:05 AM

You may want to revisit and ensure that right port used in your deployment.

Sometimes admin in config rush make mistake by sending logs to indexer on port 8089 instead of 9997 which is enough overwhelm the indexer.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...