Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Connecting a standalone search head to only 1 indexer

DEngineer1
New Member
‎05-05-2017 01:56 AM

Hi Guys,

I'm trying to connect a standalone search head to only 1 indexer.
It's a simple setup, however I just not able to find any documentations on it.

I'm not sure if I'm doing it right, but I'm tried to add search peers but I got the following errors:

05-05-2017 10:30:02.232 +0200 WARN AdminHandler:DistributedSearchHandler - While attempting to add peer at uri=https://xxx.xxx.xxx.xxx:8089 , no http response was received with a Date header. Cannot check skew.

05-05-2017 10:30:02.232 +0200 INFO KeyManagerLocalhost - Sending public key to search peer: https://xxx.xxx.xxx.xxx:8089

05-05-2017 10:30:02.764 +0200 ERROR KeyManagerLocalhost - Error while sending public key to search peer: Connection reset by peer

Could anyone point me in the right directions?

Thank you.

Tags (1)
0 Karma
Reply

ChrisLH
Explorer
‎04-04-2018 04:15 AM

sorry for repost, maybe that's a better place, same problem on my side with AWS:
@DEngineer
did you solve your problem, because I am trying to establish a similar set up and have the same problem? Help would be very much appreciated.

0 Karma
Reply

DEngineer1
New Member
‎05-05-2017 07:39 PM

Hi Guys,

Thanks for the help.

I did some testing last night and I realized that might it might not be the configurations that is causing the problem.

Here my infrastructure setup:

Indexer is on AWS
Search head is a VM instance in my company.

Search head is able to telnet to index's IP via 8089. TCPdump on the indexer show the traffic too.
However the search head is not able to added the indexer as a search peer.

So I went ahead and create another Search head in AWS. This AWS search head have no problem adding the AWS indexer.

Not sure what is wrong with the Search head in my company.
The search peer is added via https://xxx.xxx.xxx.xxx:8089, using IP so I think DNS resolution is not an issue.
The Search head in my company is behind a firewall with NAT outgoing IP. The AWS indexer can only see the NAT IP of my company gateway.

Any configurations I need to do? 😞

0 Karma
Reply

ChrisLH
Explorer
‎04-04-2018 04:13 AM

Hey, did you solve your problem, because I am trying to establish a similar set up and have the same problem? Help would be very much appreciated.

0 Karma
Reply

alemarzu
Motivator
‎05-05-2017 06:29 AM

Hi there @DEngineer

Execute this on your Search Head and restart.

./splunk add search-server https://<IP,FQDN>:8089 -auth admin:password -remoteUsername admin -remotePassword passremote

Where remote Username and Password are the Indexer credentials. Also, make sure that both servers have their ports open.

Hope it helps.

0 Karma
Reply

adonio
Ultra Champion
‎05-05-2017 05:52 AM

hello DEnginner,

follow this doc: https://docs.splunk.com/Documentation/Splunk/6.5.3/DistSearch/Whatisdistributedsearch
it will lead you to here: http://docs.splunk.com/Documentation/Splunk/6.5.3/DistSearch/Overviewofconfiguration
then to here: http://docs.splunk.com/Documentation/Splunk/6.5.3/DistSearch/Configuredistributedsearch
and will explain in detail how to add the indexer as a search peer to the search head via CLI GUI or conf files
hope it helps

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...