Splunk Enterprise Security
Highlighted

Error in replication of incident (notables) from sh1 to other sh's in a cluster.

Path Finder

Hi Folks,

The incidents triggered in Splunk enterprise security are not getting replicated , i checked splunkd.log getting below Error

04-03-2020 23:46:17.490 +0530 INFO SHCSlave - event=SHPSlave::handleReplicationError aid=schedulernobody_U3BsdW5rX1NBX0NJTQRMD59cba5de3e5a67614at1585928100299562EADBA1-5790-4632-BD11-A0EF9E4C4FBC src=965BB163-3807-4A31-9837-DB64A209B7CA tgt=62EADBA1-5790-4632-BD11-A0EF9E4C4FBC failing=965BB163-3807-4A31-9837-DB64A209B7CA queued replication error job

ALso i have tried resynching SH cluster members and did rolling-restart but no luck.

Also i saw the shcluster status on members and captain are fluctuating. Sometimes pending and getting up automatically. Pleae suggest

0 Karma