Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why error in parsing pass4SymmKey under shclustering stanza?

vibh458
New Member
‎10-14-2022 03:46 AM

While pushing the application from deployment server to search head1 it gives me this error after entering the below command.

./splunk apply shcluster-bundle -target https://172.31.14.82:8089

Help me to sort this issue

 

[root@ip-172-31-3-3 bin]# ./splunk apply shcluster-bundle -target https://172.31.14.82:8089
Warning: Depending on the configuration changes being pushed, this command might initiate a rolling restart of the cluster members. Please refer to the documentation for the details. Do you wish to continue? [y/n]: y
WARNING: Server Certificate Hostname Validation is disabled. Please see server.conf/[sslConfig]/cliVerifyServerName for details.
Your session is invalid. Please login.
Splunk username: admin
Password:
\Error in parsing pass4SymmKey under shclustering stanza.

Labels (1)
Labels
Tags (3)
0 Karma
Reply

vibh458
New Member
‎10-14-2022 01:44 PM

vibh458_0-1665780210751.png

Tell me if any thing wrong in SH1 server.conf

 

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎10-15-2022 12:14 AM

As you can see, you don't have any pass4symmKey entry in this stanza.

Maybe you have it defined elsewhere. Or maybe nowhere.

Check output of

$SPLUNK_HOME/bin/splunk btool server list shclustering --debug

 

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎10-14-2022 04:18 AM

The message should be more or less self-explanatory. Your server.conf contains [shclustering] stanza. It contains a shared secred (said pass4symmkey) which is used for comunication between cluster nodes.

This entry is normally encrypted at first run using unique server's internal secret. So even though all servers share the same pass4symmkey, its encrypted form is different on each server.

I'm guessing that this server's config was copied from another server and the secret is either not pasted correctly or it's been pasted as an encrypted string from another server. It won't work.

Typically those errors show when someone wants to "join" a server to a shcluster by copying existing configuration. It's not supposed to be done this way. Since shcluster involves more than just instances of splunkd clustering, but also kvstore clustering, it should be done according to this document:

https://docs.splunk.com/Documentation/Splunk/9.0.1/DistSearch/Addaclustermember#Add_the_instance

EDIT: OK, you're getting it when pushing a bundle, so you're doing it from the deployer so the root cause might be different but the interpretation of the error stays - your pass4symmkey entry is simply "broken". Why? That we don't know.

0 Karma
Reply

vibh458
New Member
‎10-14-2022 01:31 PM

Yes i am getting this error while pushing the application from deployer to search heads, also i have not copied server.conf from any where it was created by splunk itself, now i am stuck here please help me to resolve this issue.

0 Karma
Reply

gammaguhen
New Member
‎01-30-2023 02:05 PM

Step -1:Check if the pass4SymmKey is available in  [shclustering] stanza,  in the SH server.conf. If it is  not there add the pass4SymmKey = <your password>. Do the same in all SH cluster nodes and restart splunk.

Step-2:Similarly check the master node (where you have a deployment server)server.conf for [shclustering] stanza. If not there add the [shclustering] stanza and pass4SymmKey = <your password>. Restart splunk.

 

 

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...