Installation

Cluster Master - Bundle invalid.

Crashfry
Path Finder

Running into issues with the cluster master after the validation process locked up. Any bundle that is created - shows invalid when checking. Is there something i've missed in the steps here to get this functioning again?

Tags (1)
0 Karma
1 Solution

yannK
Splunk Employee
Splunk Employee

The bundle validation is a 2 steps process :

  • the Cluster master (CM) generates the bundle from his folder and check locally its validity
  • then send the bundle for review to each indexers, and they all do validation with their local existing bundle.
  • the indexes respond with their validity check to the cluster-master
  • if any failed, the CM returns that the bundle is invalid. (a timeout or an older failed bundle still waiting may be a reason)

So check the _internal splunkd.log on all the indexers and the CM to figure who decided that the bundle was invalid and why.

here is a doc about validation
https://docs.splunk.com/Documentation/Splunk/latest/Indexer/Configurationbundleissues

View solution in original post

0 Karma

yannK
Splunk Employee
Splunk Employee

The bundle validation is a 2 steps process :

  • the Cluster master (CM) generates the bundle from his folder and check locally its validity
  • then send the bundle for review to each indexers, and they all do validation with their local existing bundle.
  • the indexes respond with their validity check to the cluster-master
  • if any failed, the CM returns that the bundle is invalid. (a timeout or an older failed bundle still waiting may be a reason)

So check the _internal splunkd.log on all the indexers and the CM to figure who decided that the bundle was invalid and why.

here is a doc about validation
https://docs.splunk.com/Documentation/Splunk/latest/Indexer/Configurationbundleissues

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...