Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Search Returns Exit Code -2

alacercogitatus
SplunkTrust
SplunkTrust
‎09-05-2013 05:50 AM

Here's the situation. I have an international server. When trying to search it as a distributed peer, it exits with this message.

[REMOTE_WAN_HOST] Search process did not exit cleanly, exit_code=-2, description="exited with code -2". Please look in search.log for this peer in the Job Inspector for more info.

So I take a look in the peer's dispatch directory for the search log. I find this.


08-27-2013 00:56:51.884 INFO UserManager - Setting user context: USER
08-27-2013 00:56:51.884 WARN AuthorizationManager - Unknown role 'admin'
08-27-2013 00:56:51.884 WARN AuthorizationManager - Unknown role 'ess_admin'
08-27-2013 00:56:51.884 WARN AuthorizationManager - Unknown role 'ess_analyst'
08-27-2013 00:56:51.884 WARN AuthorizationManager - Unknown role 'ess_user'
08-27-2013 00:56:51.884 WARN AuthorizationManager - Unknown role 'power'
08-27-2013 00:56:51.884 WARN AuthorizationManager - Unknown role 'user'
08-27-2013 00:56:51.884 ERROR UserManagerPro - user="USER" had no roles
08-27-2013 00:56:51.884 ERROR UserManager - Error while setting user context: user="USER" had no roles
08-27-2013 00:56:51.884 INFO UserManager - Done setting user context: NULL -> NULL
08-27-2013 00:56:51.884 INFO UserManager - Unwound user context: NULL -> NULL
08-27-2013 00:56:51.884 ERROR dispatchRunner - RunDispatch::runDispatchThread threw error: Application does not exist: search

All of these roles and the USER exist in exactly the same way as on the search head. I'm at a loss on why it's not working correctly.

Tags (3)
Reply

brod_geico
Path Finder
‎12-12-2014 07:05 AM

check this url, i had similar issues then i found version mismatch on SH peers.

http://answers.splunk.com/answers/192592/search-process-did-not-exit-cleanly-exit-code255-d.html#ans...

0 Karma
Reply

brod_geico
Path Finder
‎12-11-2014 12:30 PM

Few places you can check.
Search peers are running with inconsistency version.
Check search peers status .
ask user and that job/lookup table not had right permissions or not exist all over the places.

0 Karma
Reply

David
Splunk Employee
Splunk Employee
‎01-31-2014 11:30 AM

I had this same error... I tried a number of troubleshooting steps, but by the time I upped the debug level it randomly started working again (after failing for more than a day). I assume that timing is just coincidental. An upgrade to 6.0.1 didn't resolve it, and restarting the entire environment didn't resolve it. Also deleting and re-adding the search peer didn't resolve it. After the last restart, it still failed.. and then randomly begun working again.

0 Karma
Reply

aelliott
Motivator
‎12-27-2013 08:27 AM

could this be the same issue? http://answers.splunk.com/answers/84199/distributed-search-application-does-not-exist-search

0 Karma
Reply

somesoni2
Revered Legend
‎12-27-2013 08:17 AM

Hey..I am facing similar issue, were you able to resolved it?

0 Karma
Reply
Get Updates on the Splunk Community!

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...

New Year. New Skills. New Course Releases from Splunk Education

A new year often inspires reflection—and reinvention. Whether your goals include strengthening your security ...