Monitoring Splunk

Splunk monitoring console unable to gather Resource usage information

PeraltaRH
Explorer

Hello,

I have a problem with my distributed environment where some of my instances appear greyed out under CPU and memory utilization. If I open the specific instance panels I see the red icon with the errors below. 

This is very strange because it affects the indexers only. The only difference with them is that the web service is disabled a per Splunk best practices.

I tried with splunk support by opening a case but we couldn't find the solution yet.

 

Splunk Version: 8.0.3 (indexers), 8.0.5 (everything else)--- Is this a problem? 

[subsearch][servername]Failed to fetch REST endpoint uri=https://127.0.0.1:8089/services/server/info?count=0&strict=false from server https://127.0.0.1:8089. Check that the URI path provided exists in the REST API.

[subsearch][servername]Unexpected status for to fetch REST endpoint uri=https://127.0.0.1:8089/services/server/info?count=0&strict=false from server=https://127.0.0.1:8089 - Bad Request

 

--- MORE INFO ---

If I run the command manually like:

https://10.10.10.1:8089/services/server/status/resource-usage/hostwide
I get the output in my browser.

 

I read this post: https://community.splunk.com/t5/Getting-Data-In/Splunk-Management-Console-Error-subsearch-Rest-Proce... 

It talks about the indexer role, my Cluster Master is also "SHC Deployer" (Search Head Cluster Deployer), would this be the role I have to move? Its not an Indexer, I have 6 dedicated indexers and 5 dedicated search heads.

Labels (2)
0 Karma
1 Solution

PeraltaRH
Explorer

The problem seems to be with the versions compatibility.

A bit absurd that a new MC version is not retro-compatible, not even a mayor upgrade 8.0.3 vs 8.0.5.1.

 

If anyone gets this problem, its because the new version sends "strict=false" and the old version does not like it. You cant even set the MC to not send this option.... quite disappointing. 

View solution in original post

0 Karma

PeraltaRH
Explorer

The problem seems to be with the versions compatibility.

A bit absurd that a new MC version is not retro-compatible, not even a mayor upgrade 8.0.3 vs 8.0.5.1.

 

If anyone gets this problem, its because the new version sends "strict=false" and the old version does not like it. You cant even set the MC to not send this option.... quite disappointing. 

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...