Deployment Architecture

Encountered the following error while trying to save: In handler 'distsearch-peer': Status 401 while sending public key to search peer https://indexer:8089: Unauthorized

shariinPH
Contributor

HI,

I am getting a problem with regards with adding search peer in my search head
I'm getting this error

Encountered the following error while trying to save: In handler 'distsearch-peer': Status 401 while sending public key to search peer https://indexer:8089: Unauthorized

does anyone know why i am getting this error?

Cheers!

0 Karma
1 Solution

esix_splunk
Splunk Employee
Splunk Employee

It seems in your distributed environment, the user that you have configured distributed search with on the peer indexer has either been deleted or perhaps the password has changed.
Try to login to the indexer with your distributed search user and see if its successful. You can delete the search peer and re-add it in the Distributed Search configuration also.

View solution in original post

esix_splunk
Splunk Employee
Splunk Employee

It seems in your distributed environment, the user that you have configured distributed search with on the peer indexer has either been deleted or perhaps the password has changed.
Try to login to the indexer with your distributed search user and see if its successful. You can delete the search peer and re-add it in the Distributed Search configuration also.

lakshman237
Path Finder

Pls check if the connectivity from search head to indexer works [ by ping or telnet ip mgmt. port]. If there is a connectivity/network issue, we still get the same error. [ I assume you are entering correct admin password when configuring them]

0 Karma

shariinPH
Contributor

hi esix_splunk, thanks for your answer but still its not working.. Status is still authentication failed.

0 Karma

esix_splunk
Splunk Employee
Splunk Employee

Did you delete the search peer, and then recreate?

Also, have you validated that the user and password is valid on the indexer host?

shariinPH
Contributor

Hi esix_splunk, we've figured it out.
The management port was changed.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...