×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
doeboy
New Member
Member since: ‎03-22-2024
‎09-11-2024
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-22-2024
View All

Re: Error getting indexer cluster bundle status

by in All Apps and Add-ons
‎09-11-2024 09:13 AM
‎09-11-2024 09:13 AM
I lost track of this thread, but the issue here was resolved some time ago. More advanced in our deployment and now looking at other issues lol.  ... View more

Re: Cause of replication failures in indexer clust...

by in Splunk Enterprise
‎09-11-2024 09:11 AM
‎09-11-2024 09:11 AM
I may have restrictions but I'm not sure what they are, as I inherited some configurations from our Splunk PS whom started building our architecture but I subsequently ended up finishing. Where should I look?  As for the internal logs, they are vague. It does tell me which buckets but there are a lot of them. Nothing stands out to me, but that could be my untrained eye on whether they are all hot/warm/cold. ... View more

Cause of replication failures in indexer cluster?

by in Splunk Enterprise
‎09-11-2024 07:30 AM
‎09-11-2024 07:30 AM
Hey! I am currently standing up an enterprise splunk system that has a multi-site(2) indexer cluster of 8 Peers and 2 Cluster Managers in HA configuration (LB by F5). I've noticed that if we have outages specific to a site, data rightfully continues to get ingested at the site that is still up..... But upon the return of service to the secondary site, we have a thousand or more fixup tasks (normal I suppose) but at times they hang and eventually I get replication failures in my health check. Usually unstable pending-down-up status is associated with the peers from the site that went down as they attempt to clean up. This is still developmental, so I have the luxury of deleting things with no consequence. The only fix I have seen to work is deleting all the data from the peers that went down and allowing them to resync and copy from a clean slate. I'm sure there is a better way to remedy this issue.    Can anyone explain/or point me in the direction of the appropriate solution and what the exact cause of this problem is?  I've read this Anomalous bucket issues - Splunk Documentation but roll, resync, delete doesn't quite do enough. And there is no mention as to why the failures start to occur. From my understanding, fragmented buckets play a factor when reboots or unexpected outages happen but how do I exactly regain some stability in my data replication. ... View more
Labels

Error getting indexer cluster bundle status

by in All Apps and Add-ons
‎03-22-2024 02:01 PM
‎03-22-2024 02:01 PM
receiving the following error when trying to run "./splunk show cluster-bundle-status" 'Failed to contact the cluster manager. ERROR:  Cluster manager is not enabled on this node. "    A duplicate error is displayed for the peers.  But when I sign into the cluster manager and go to indexer clustering there is all my 4 indexers on the dashboard and the manager node is properly set in configuration. I've even double checked the .conf files.  Any suggestions?     ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎09-11-2024 12:33 PM