Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Indexing stopped: Why is there an error on SH message box?

ankurborah
Path Finder
‎05-18-2022 02:32 AM

Getting below error message on SH message box: 

Search peer <Indexer_host> has the following message: Problem replicating config (bundle) to search peer ' <ip_deployment_server>:8089 ',
Upload bundle="/opt/splunk/var/run/236039B4-5D5D-4138-A083-DE21022C7678-16566.bundle" to peer name=<deployment_server> uri=https://192.210.0.6:8089
failed; error="Read Timeout".

Labels (1)
Labels
Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ankurborah
Path Finder
‎05-18-2022 10:08 AM

Thanks for the help GC,

Able to find the issue. 

This issue was caused due to the deployment server added as a search peer and it was not able to take the load as it was trying to replicate all the searches and files, hence i  had to remove the configuration, which fixed the issue. 

View solution in original post

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎05-18-2022 02:39 AM

Hi @ankurborah,

the message says that there's a replication issue from the Deployment Server to an Indexer,

but what's your architecture?

how many Indexers are in you architecture?

why are you managing them by Deployment Server?

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

ankurborah
Path Finder
‎05-18-2022 02:43 AM

Arhitecture is:

4 Indexers,3 SH's, Cluster master, deployment server, deployer  and a few HF's.

Not understand "why are you managing them by Deployment Server?"

 

 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎05-18-2022 02:47 AM

Hi @ankurborah,

the message you shared says that the Deployment Server cannot send a bundle to a search peer,

maybe, for an error, one Indexers is in the list of the servers managed by the Deployment Server and this isn't correct because Indexers must be managed by the Master Node (or Cluster Master).

Ciao.

Giuseppe.

0 Karma
Reply
Solved! Jump to solution

ankurborah
Path Finder
‎05-18-2022 03:01 AM

My mistake. It is not indexer it is one of the serach_head. correct error message is below:

Search peer <search_head> has the following message: Problem replicating config (bundle) to search peer ' <ip_deployment_server>:8089 ',
Upload bundle="/opt/splunk/var/run/236039B4-5D5D-4138-A083-DE21022C7678-16566.bundle" to peer name=<deployment_server> uri=https://192.210.0.6:8089
failed; error="Read Timeout".

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎05-18-2022 03:11 AM

Hi @ankurborah,

it's the same thing: Search Heads cannot be managed by Deployment Server but only by Deployer.

Are you sure that the Search isn't in the list of the hosts managed by the Deployment Server?

Splunk Clusters (SHs or IDXs) have their own management machine (Deployer or Master Node) and Deployment Server cannot be used for this.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution
Solution

ankurborah
Path Finder
‎05-18-2022 10:08 AM

Thanks for the help GC,

Able to find the issue. 

This issue was caused due to the deployment server added as a search peer and it was not able to take the load as it was trying to replicate all the searches and files, hence i  had to remove the configuration, which fixed the issue. 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎05-18-2022 11:23 PM

Hi @ankurborah,

good for you, see next time

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...