Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Indexing stopped: Why is there an error on SH message box?

ankurborah
Path Finder
‎05-18-2022 02:32 AM

Getting below error message on SH message box: 

Search peer <Indexer_host> has the following message: Problem replicating config (bundle) to search peer ' <ip_deployment_server>:8089 ',
Upload bundle="/opt/splunk/var/run/236039B4-5D5D-4138-A083-DE21022C7678-16566.bundle" to peer name=<deployment_server> uri=https://192.210.0.6:8089
failed; error="Read Timeout".

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ankurborah
Path Finder
‎05-18-2022 10:08 AM

Thanks for the help GC,

Able to find the issue. 

This issue was caused due to the deployment server added as a search peer and it was not able to take the load as it was trying to replicate all the searches and files, hence i  had to remove the configuration, which fixed the issue. 

View solution in original post

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎05-18-2022 02:39 AM

Hi @ankurborah,

the message says that there's a replication issue from the Deployment Server to an Indexer,

but what's your architecture?

how many Indexers are in you architecture?

why are you managing them by Deployment Server?

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

ankurborah
Path Finder
‎05-18-2022 02:43 AM

Arhitecture is:

4 Indexers,3 SH's, Cluster master, deployment server, deployer  and a few HF's.

Not understand "why are you managing them by Deployment Server?"

 

 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎05-18-2022 02:47 AM

Hi @ankurborah,

the message you shared says that the Deployment Server cannot send a bundle to a search peer,

maybe, for an error, one Indexers is in the list of the servers managed by the Deployment Server and this isn't correct because Indexers must be managed by the Master Node (or Cluster Master).

Ciao.

Giuseppe.

0 Karma
Reply
Solved! Jump to solution

ankurborah
Path Finder
‎05-18-2022 03:01 AM

My mistake. It is not indexer it is one of the serach_head. correct error message is below:

Search peer <search_head> has the following message: Problem replicating config (bundle) to search peer ' <ip_deployment_server>:8089 ',
Upload bundle="/opt/splunk/var/run/236039B4-5D5D-4138-A083-DE21022C7678-16566.bundle" to peer name=<deployment_server> uri=https://192.210.0.6:8089
failed; error="Read Timeout".

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎05-18-2022 03:11 AM

Hi @ankurborah,

it's the same thing: Search Heads cannot be managed by Deployment Server but only by Deployer.

Are you sure that the Search isn't in the list of the hosts managed by the Deployment Server?

Splunk Clusters (SHs or IDXs) have their own management machine (Deployer or Master Node) and Deployment Server cannot be used for this.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution
Solution

ankurborah
Path Finder
‎05-18-2022 10:08 AM

Thanks for the help GC,

Able to find the issue. 

This issue was caused due to the deployment server added as a search peer and it was not able to take the load as it was trying to replicate all the searches and files, hence i  had to remove the configuration, which fixed the issue. 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎05-18-2022 11:23 PM

Hi @ankurborah,

good for you, see next time

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...