While pushing the application from deployment server to search head1 it gives me this error after entering the below command.
./splunk apply shcluster-bundle -target https://172.31.14.82:8089
Help me to sort this issue
[root@ip-172-31-3-3 bin]# ./splunk apply shcluster-bundle -target https://172.31.14.82:8089
Warning: Depending on the configuration changes being pushed, this command might initiate a rolling restart of the cluster members. Please refer to the documentation for the details. Do you wish to continue? [y/n]: y
WARNING: Server Certificate Hostname Validation is disabled. Please see server.conf/[sslConfig]/cliVerifyServerName for details.
Your session is invalid. Please login.
Splunk username: admin
Password:
\Error in parsing pass4SymmKey under shclustering stanza.
Tell me if any thing wrong in SH1 server.conf
As you can see, you don't have any pass4symmKey entry in this stanza.
Maybe you have it defined elsewhere. Or maybe nowhere.
Check output of
$SPLUNK_HOME/bin/splunk btool server list shclustering --debug
The message should be more or less self-explanatory. Your server.conf contains [shclustering] stanza. It contains a shared secred (said pass4symmkey) which is used for comunication between cluster nodes.
This entry is normally encrypted at first run using unique server's internal secret. So even though all servers share the same pass4symmkey, its encrypted form is different on each server.
I'm guessing that this server's config was copied from another server and the secret is either not pasted correctly or it's been pasted as an encrypted string from another server. It won't work.
Typically those errors show when someone wants to "join" a server to a shcluster by copying existing configuration. It's not supposed to be done this way. Since shcluster involves more than just instances of splunkd clustering, but also kvstore clustering, it should be done according to this document:
https://docs.splunk.com/Documentation/Splunk/9.0.1/DistSearch/Addaclustermember#Add_the_instance
EDIT: OK, you're getting it when pushing a bundle, so you're doing it from the deployer so the root cause might be different but the interpretation of the error stays - your pass4symmkey entry is simply "broken". Why? That we don't know.
Yes i am getting this error while pushing the application from deployer to search heads, also i have not copied server.conf from any where it was created by splunk itself, now i am stuck here please help me to resolve this issue.
Step -1:Check if the pass4SymmKey is available in [shclustering] stanza, in the SH server.conf. If it is not there add the pass4SymmKey = <your password>. Do the same in all SH cluster nodes and restart splunk.
Step-2:Similarly check the master node (where you have a deployment server)server.conf for [shclustering] stanza. If not there add the [shclustering] stanza and pass4SymmKey = <your password>. Restart splunk.