I get the following errormessage when running a search on the search head:
Unable to distribute to peer named :8089 at uri=:8089 using the uri-scheme=https because peer has status="Down". P...
...nd after cca 5 minutes the search ends with an errormessage "Streamed search execute failed because: Error in 'lookup' command: Failed to re-open lookup file: '/srv/app/int/secmon/splunk/var/run/search...
...ailing.
Looking through the search.log I see messages like
ERROR dispatchRunner - RunDispatch::runDispatchThread threw error: Application does not exist: search
However the application e...
...tc/auth//distServerKeys/private.pem is never generated on the search head. The search peers, on the other hand, do have both files. Also in splunkd.log, I see messages such as: Distributed...
we are running on DistributedSearch Environment, we have two Heavy Forwarders. i'm actually unable to search estreamer logs so i have noticed this in splunkd.log
"Insufficient permissions to r...
.....
Deleted the Dash version of local/data/ui/nav/default.xml from the DMC.
DMC is in distributed mode. Nav bar updated.
"D:\Splunk\etc\auth\ca.pem": already a renewed Splunk certificate: skipping r...
In my environment SH, indexer 1, indexer 2 exist, and distributedsearch is done for indexers 1 and 2 from SH.
Yesterday, since data was duplicated in indexers 1 and 2, I give can_delete role to a...
I have 2 Splunk instances living on Linux systems that I’ve inherited, and the one Search Head is throwing the following messages;
[subsearch]: [<indexer server name>] Failed to create a b...
This is a distributed deployment with a search head cluster and index cluster. The Splunk_TA_Microsoft_Sharepoint addon has been installed on Indexers, Search Heads and a Heavy Forwarder which g...