cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
basher590
Engager
Member since: ‎02-23-2016
‎06-05-2020
Community Statistics
Posts 3
Solutions 1
Karma Given 0
Karma Received 0
Member Since ‎02-23-2016
Activity Feed
View All

How to fix error: Cannot pick primary as the bucke...

by in Deployment Architecture
‎03-18-2016 03:18 AM
‎03-18-2016 03:18 AM
Hi, I have a cluster consisting of 2 indexers. At the weekend one of my indexers shut down unexpectedly and since then (6 days now) 20 of my 24 buckets are not fully searchable. Looking at the Bucket Status page under the fixup tasks - Generation, there are entries for each bucket that has a problem like so. payin~5~EF268AB0-A0AA-425A-B52F-0C1CD1542A76 payin Received shutdown notification from peer=EF268AB0-A0AA-425A-B52F-0C1CD1542A76 12/03/2016 06:01 Cannot pick primary as the bucket hasn't rolled yet.; I have tried restarting the indexer that these messages refer to but that didn't make any difference. Anyone got any ideas? Thanks ... View more

Re: How to troubleshoot why 1 indexer in a Splunk ...

by in Getting Data In
‎03-18-2016 02:53 AM
‎03-18-2016 02:53 AM
I got this fixed in the end by creating a new certificate and applying it to the faulty server. The first restart worked but I received a new error relating to http://127.0.0.1 instead of https, but after another restart it cleared and all was good. ... View more

How to troubleshoot why 1 indexer in a Splunk inde...

by in Getting Data In
‎02-23-2016 04:22 AM
‎02-23-2016 04:22 AM
HI, I have inherited a clustered Splunk setup and I noticed that 1 of my 2 indexers had crashed a couple of days ago. Trying to restart it yields a Splunk timed out waiting to start error. Looking at the splunkd log I see the following error: 02-22-2016 14:05:35.800 +0000 ERROR SSLCommon - Can't read key file C:\Program Files\Splunk\etc\auth\server.pem errno=101077092 error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt. The key file is there and looks OK to me, though I am not sure how I can test it. I did use the OpenSSL command, but received the same message. I tried changing the password in the config file and I receive a "bad password" error, so I know the PW is correct and it is reading the correct file. There have been no updates or config changes that I am aware of, this 1 indexer server just seemed to crash. Is it just a case of creating a new certificate on this one indexer, or are there other steps that need to be followed so I don't break the cluster / indexes? I am running Splunk Version 6.2.3 Splunk Build 264376 On Windows 2012 R2 servers. Thanks ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM