- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How to troubleshoot error "Search process did ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to troubleshoot error "Search process did not exit cleanly, exit_code=-1, description="exited with code -1"."?
I'm getting the following error. How do I troubleshoot?
Search process did not exit cleanly, exit_code=-1, description="exited with code -1". Please look in search.log for this peer in the Job Inspector for more info.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just discovered the same problem and it is related to knowledge bundles no replicating from the search head to the indexers correctly.
A short term fix is to apply this to the etc/system/local/distsearch.conf
[replicationSettings]
sendRcvTimeout = 300
allowDeltaUpload = false
Then restart the search head.
My issue occurred due to the delta's of the bundles not replicating so only part of the knowledge bundle made it up to the indexers.
You should look into the reasons why the knowledge bundles were not replicating correctly due to networking problems or an overly large lookup causing the bundle replication to timeout.
Once everything is back to normal you should change back allowDeltaUpload to the default of true.
[replicationSettings]
sendRcvTimeout = 300
allowDeltaUpload = true
Which should only upload changes to bundles.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I had the same issues, and I edited $SPLUNK\etc\apps\metadata\local.meta.
I changed from users ownership to admin
restarted splunk, and it works.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This works for us.
Thanks @btran ... Cheers
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have this too, but I don't see anything useful in the job inspector and when I click the link to open search.log nothing happens. I can't even find search.log on my servers.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just got the same error. did you ever find out what happen to it? do you have a fix for it?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This has happened less frequently since we upgraded to 6.5.2, but it still happens once in a while.
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
