Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why am I getting error "Search process did not exit cleanly, exit_code=255", causing searches to not run in Splunk 6.0.3?

xisura
Communicator
‎09-24-2014 03:19 AM

Hi Ninjas!

Need a little help here. I'm experiencing an error "Search process did not exit cleanly, exit_code=255, description="exited with code 255". Please look in search.log for this peer in the Job Inspector for more info.". I'm using Splunk 6.0.3, because of that error i cant search . I don't know the cause of this error. I also tried to look here in community if there are users out there experienced this, yes i found some but no concrete solution.

Please enlighten me 😞

Tags (3)
0 Karma
Reply

kamal_jagga
Contributor
‎08-25-2016 03:55 PM

After the following line of error, you would find 1 more line, which will give you name of lookup or knowledge object which is failing while replication.

"Search process did not exit cleanly, exit_code=255",
...[server] Streamed search execute failed because: Error in 'lookup' command: The lookup table 'abc.csv' does not exist.

Try adding local=t in your search. This will direct Splunk to look for this csv only on search head and not indexer and remove the error.

Good Luck !!!

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎09-24-2014 08:37 AM

Is is a distributed search ? and do the remote search.log in the search inspector mentions errors about unknown users or roles ?
Because those are the classic symptoms when the searchbundles were not copied to the search-peers. (or were somehow expired).

A quick test, is to go to the mentioned search-peer and look for the search bundle folder.
$SPLUNK_HOME/var/run/searchpeer/ look at the modification time, and remove the bundle with the name of the search-head.
Then retry a search, you should see the new bundle be copied.

Reply

ganji
Explorer
‎04-10-2019 01:40 PM

Check if any of your apps are blacklisted in distsearch.conf.

Reply

linu1988
Champion
‎09-24-2014 06:58 AM

Your search please? Did you check the search peers if they are up or not?

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎09-24-2014 05:54 AM

Does the Job Inspector or search.log linked at the bottom of the Job Inspector have any further information?

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...