Solved: Search Peer unreachable

gitau_gm · ‎07-11-2025

How do I resolve authentication or pass4SymmKey mismatch between search head and peer?
Also getting a situation where 0 clients phone home.

richgalloway · ‎07-11-2025

That's two different things.

To resolve a pass4SymmKey mismatch, update the plain-text pass4SymmKey value in server.conf and restart the Splunk instance. Splunk will encrypt the value when it restarts. Repeat for each SH and peer. Do NOT copy an encrypted pass4SymmKey from another Splunk instance.

Peers do not phone home so you must be referring to forwarders contacting the Deployment Server (DS). Ensure all clients have the correct DS info in deploymentclient.conf and that the network permits connections from each client to the DS.

With more information about the problem(s) we can be more specific about the solution(s).

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎07-11-2025

That's two different things.

To resolve a pass4SymmKey mismatch, update the plain-text pass4SymmKey value in server.conf and restart the Splunk instance. Splunk will encrypt the value when it restarts. Repeat for each SH and peer. Do NOT copy an encrypted pass4SymmKey from another Splunk instance.

Peers do not phone home so you must be referring to forwarders contacting the Deployment Server (DS). Ensure all clients have the correct DS info in deploymentclient.conf and that the network permits connections from each client to the DS.

With more information about the problem(s) we can be more specific about the solution(s).

---
If this reply helps you, Karma would be appreciated.

Search Peer unreachable

forwarder management

search head

search head clustering

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation