Deployment Architecture

Encountered the following error while trying to save: In handler 'distsearch-peer': Status 401 while sending public key to search peer https://indexer:8089: Unauthorized

shariinPH
Contributor

HI,

I am getting a problem with regards with adding search peer in my search head
I'm getting this error

Encountered the following error while trying to save: In handler 'distsearch-peer': Status 401 while sending public key to search peer https://indexer:8089: Unauthorized

does anyone know why i am getting this error?

Cheers!

0 Karma
1 Solution

esix_splunk
Splunk Employee
Splunk Employee

It seems in your distributed environment, the user that you have configured distributed search with on the peer indexer has either been deleted or perhaps the password has changed.
Try to login to the indexer with your distributed search user and see if its successful. You can delete the search peer and re-add it in the Distributed Search configuration also.

View solution in original post

esix_splunk
Splunk Employee
Splunk Employee

It seems in your distributed environment, the user that you have configured distributed search with on the peer indexer has either been deleted or perhaps the password has changed.
Try to login to the indexer with your distributed search user and see if its successful. You can delete the search peer and re-add it in the Distributed Search configuration also.

lakshman237
Path Finder

Pls check if the connectivity from search head to indexer works [ by ping or telnet ip mgmt. port]. If there is a connectivity/network issue, we still get the same error. [ I assume you are entering correct admin password when configuring them]

0 Karma

shariinPH
Contributor

hi esix_splunk, thanks for your answer but still its not working.. Status is still authentication failed.

0 Karma

esix_splunk
Splunk Employee
Splunk Employee

Did you delete the search peer, and then recreate?

Also, have you validated that the user and password is valid on the indexer host?

shariinPH
Contributor

Hi esix_splunk, we've figured it out.
The management port was changed.

0 Karma
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...