Splunk Enterprise Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Health warning or error

domino30
Path Finder
‎01-04-2024 02:57 PM

We have a sandbox environment  with vpsphere and it works mostly just fine

we believe the time sync is corect because we have it set to use internet to auto update and for the sake or being free of errors we have disabled firewalld. (this is a  mostly linux env)

howerever we are getting the following erorrs see attached

Labels (2)
Preview file
1086 KB
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎01-05-2024 02:21 AM

1. Whenever possible (I know that sometimes you don't have technical means) try to copy-paste actual text input in the code box (the </> symbol in the editor when you're typing in your post) or in the preformatted style instead of doing a screenshot - it's much easier to work with.

2. As @isoutamo already pointed out - those messages don't seem to have anything to do with time issues (nobody says you don't have time issues, it's just that this particular case is about network connectivity, not time). We don't know your network setup but it seems our hosts don't see each other (or the traffic is filtered somewhere).

 

Tags (1)
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎01-05-2024 12:05 AM

Hi

These log entries said that you haven't connection to that another host (10.4.118.215 / No route to host).  Also those entries told to us that you have cluster configuration and this host try to replicate _audit bucket to that another peer and cannot do it.

You should test  why you haven't that tcp connection working on between these hosts. You can start with ping / traceroute then use telnet/curl and if needed even tcpdump to see what is happening.

r. Ismo

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...