Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk SHC cluster bundle with ES errors: What configs can I change to increase this limit so I can use my SHC Deployer?

andrew207
Path Finder
‎01-27-2022 07:17 PM

I have an SHC and I am using an SHC Deployer to deploy apps to it. Those apps include Splunk ES which is very large. The latest 7.0.0 update for ES may be so large that it causes errors when I apply the cluster bundle.

I have tried increasing max_content_length in [httpServer] in server.conf, this did not work.

What configs can I change to increase this limit so I can use my SHC Deployer? It seems odd that I can't deploy an unmodified ES installation according to the documentation because it's beyond Splunk's limits. 

 

 

splunk apply shcluster-bundle -target xxx -auth xxx

Error while deploying apps to target=xxx with members=x: Error while updating app=Splunk_SA_Scientific_Python_Linux_x86_64 on target=xxx: Non-200/201 status_code=413; {"messages":[{"type":"ERROR","text":"Content-Length of 2147484959 too large (maximum is 2147483648)"}]},...repeated for each member

 

 

 

 

Labels (2)
Reply

amgibby
Engager
‎06-29-2022 01:07 PM

We had the same problem deploying the same app (Splunk_SA_Scientific_Python_Linux_x86_64) using the deployer. Under the hood, the deployer is using HTTP to push app bundles to the Search Head Cluster. The search heads (acting as an HTTP server) are rejecting the bundle for this app because it exceeds the default setting for content length.

You need to modify server.conf on the search heads to include the following setting:

[httpServer]
max_content_length = 5000000000

This changes the default setting from 2147483648 (about 2 GB) to 5 GB.

Reply

gjlewis
Explorer
‎09-12-2023 09:06 AM

This worked for me, thanks!

0 Karma
Reply

tshah-splunk
Splunk Employee
Splunk Employee
‎01-27-2022 11:32 PM

This is a known issue for PSC app to cause bundle size to increase exponentially and the reason to have PSC app installed on standalone instances other than the clusters. However, PSC comes bundled with ES and cannot be separated from that. I discovered one of the conf setting mentioned in the upgrade steps for ES is to change the max_upload_size parameter in web.conf and increase it's value. 

Here's the link to upgrade doc for ES to v7.0.0 in SHC environment - https://docs.splunk.com/Documentation/ES/7.0.0/Install/UpgradeEnterpriseSecuritySHC.

An upvote is appreciated if this helps you resolve the issue.

---
If you find the answer helpful, an upvote/karma is appreciated
Reply

dwraesner
Path Finder
‎05-04-2024 11:35 AM

Hello tshah-splunk,

Increasing the max_upload_size in web.conf worked in my case.

Gave you a Karma point.

Thanks  😎

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...