Re: DistributedBundleReplicationManager - bundle r...

drussell88 · ‎03-10-2013

I am receiving the following error message in my splunkd log. DistributedBundleReplicationManager - bundle replication to 1 peer(s) took too long. Do you know what is causing it and how I can fix it?

kristian_kolb · ‎03-11-2013

This is caused by stuff being replicated from the SH to the indexer. AFAIK, this is most often just a warning that it took long time, not TOO long time. So normally your bundle got replicated, but it took more than X seconds.

Quite likely you have some large piece of data in one of your apps (MAXMIND is one I've come across that contains a lot of data).

http://splunk-base.splunk.com/answers/31724/bundle-replication-taking-too-long
http://splunk-base.splunk.com/answers/68488/what-does-this-event-mean-warn-distributedbundlereplicat...

BR,

Kristian

drussell88 · ‎03-11-2013

Thank you for your reply. Could this cause lag time in my saved searches? What is the best way to find these large pieces of data in my apps?

drussell88 · ‎03-11-2013

I also need to mention that I only have one search head, one indexer and 39 universal forwarders. I am not sure why this is warnining for distributed bundle replication.

DistributedBundleReplicationManager - bundle replication to 1 peer(s) took too lon

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation