Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Search Returns Exit Code -2

alacercogitatus
SplunkTrust
SplunkTrust
‎09-05-2013 05:50 AM

Here's the situation. I have an international server. When trying to search it as a distributed peer, it exits with this message.

[REMOTE_WAN_HOST] Search process did not exit cleanly, exit_code=-2, description="exited with code -2". Please look in search.log for this peer in the Job Inspector for more info.

So I take a look in the peer's dispatch directory for the search log. I find this.


08-27-2013 00:56:51.884 INFO UserManager - Setting user context: USER
08-27-2013 00:56:51.884 WARN AuthorizationManager - Unknown role 'admin'
08-27-2013 00:56:51.884 WARN AuthorizationManager - Unknown role 'ess_admin'
08-27-2013 00:56:51.884 WARN AuthorizationManager - Unknown role 'ess_analyst'
08-27-2013 00:56:51.884 WARN AuthorizationManager - Unknown role 'ess_user'
08-27-2013 00:56:51.884 WARN AuthorizationManager - Unknown role 'power'
08-27-2013 00:56:51.884 WARN AuthorizationManager - Unknown role 'user'
08-27-2013 00:56:51.884 ERROR UserManagerPro - user="USER" had no roles
08-27-2013 00:56:51.884 ERROR UserManager - Error while setting user context: user="USER" had no roles
08-27-2013 00:56:51.884 INFO UserManager - Done setting user context: NULL -> NULL
08-27-2013 00:56:51.884 INFO UserManager - Unwound user context: NULL -> NULL
08-27-2013 00:56:51.884 ERROR dispatchRunner - RunDispatch::runDispatchThread threw error: Application does not exist: search

All of these roles and the USER exist in exactly the same way as on the search head. I'm at a loss on why it's not working correctly.

Tags (3)
Reply

brod_geico
Path Finder
‎12-12-2014 07:05 AM

check this url, i had similar issues then i found version mismatch on SH peers.

http://answers.splunk.com/answers/192592/search-process-did-not-exit-cleanly-exit-code255-d.html#ans...

0 Karma
Reply

brod_geico
Path Finder
‎12-11-2014 12:30 PM

Few places you can check.
Search peers are running with inconsistency version.
Check search peers status .
ask user and that job/lookup table not had right permissions or not exist all over the places.

0 Karma
Reply

David
Splunk Employee
Splunk Employee
‎01-31-2014 11:30 AM

I had this same error... I tried a number of troubleshooting steps, but by the time I upped the debug level it randomly started working again (after failing for more than a day). I assume that timing is just coincidental. An upgrade to 6.0.1 didn't resolve it, and restarting the entire environment didn't resolve it. Also deleting and re-adding the search peer didn't resolve it. After the last restart, it still failed.. and then randomly begun working again.

0 Karma
Reply

aelliott
Motivator
‎12-27-2013 08:27 AM

could this be the same issue? http://answers.splunk.com/answers/84199/distributed-search-application-does-not-exist-search

0 Karma
Reply

somesoni2
Revered Legend
‎12-27-2013 08:17 AM

Hey..I am facing similar issue, were you able to resolved it?

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...