I get the following error message when running a search on the search head:
Unable to distribute to peer named :8089 at uri=:8089 using the uri-scheme=https because peer has status="Down". P...
...nd after cca 5 minutes the search ends with an error message "Streamed search execute failed because: Error in 'lookup' command: Failed to re-open lookup file: '/srv/app/int/secmon/splunk/var/run/search...
...ailing.
Looking through the search.log I see messages like
ERROR dispatchRunner - RunDispatch::runDispatchThread threw error: Application does not exist: search
However the application e...
...tc/auth//distServerKeys/private.pem is never generated on the search head. The search peers, on the other hand, do have both files. Also in splunkd.log, I see messages such as: Distributed...
We are running on DistributedSearch Environment, we have two Heavy Forwarders. I'm actually unable to search estreamer logs so I have noticed this in splunkd.log
"Insufficient permissions to r...
Deleted the Dash version of local/data/ui/nav/default.xml from the DMC.
DMC is in distributed mode. Nav bar updated.
"D:\Splunk\etc\auth\ca.pem": already a renewed Splunk certificate: skipping r...
...urserver) for DMC to monitor. When I go into Distributedsearch on DMC, I get the following messages (see below) when adding deployment server. How do I go about adding the deployment server to the 'O...
While digging through my Search head logs, I stumbled upon some WARN messages from the DistributedBundleReplicationManager component regarding "Asynchronous bundle replication" "took too long (l...
In my environment SH, indexer 1, indexer 2 exist, and distributedsearch is done for indexers 1 and 2 from SH.
Yesterday, since data was duplicated in indexers 1 and 2, I gave the can_delete role to a...
I have 2 Splunk instances living on Linux systems that I’ve inherited, and the one Search Head is throwing the following messages:
[subsearch]: [<indexer server name>] Failed to create a b...