Deployment Architecture

Error: Unable to distribute to peer because peer has status ="Authentication failed

keerthana_k
Communicator

I am getting error "Unable to distribute to peer named lonrs10457 at uri https://SPLUNK-IDX1:8089 because peer has status ="Authentication failed"" in our Search Head while executing any search. I have a distributed search setup. I have checked the status under Manager » Distributed search » Search peers>. Only the Indexer is shown as up and running with Status=Up and Replication status=Succesful.

Tags (1)
0 Karma

Simeon
Splunk Employee
Splunk Employee

That error typically means that you cannot search the remote peer. This can be due to privileges against the remote peer or a problem with how you have added it as a peer. The authentication to a remote peer is tokenized, so if it previously worked then it is likely that there may be a connectivity problem or change in that token.

0 Karma

MHibbin
Influencer

you also have to make sure you are not using the default admin password (i.e. changeme), as this will not work... but then I'd assume you are not if you have already added it... but then again, assume nothing 🙂

0 Karma

kristian_kolb
Ultra Champion

have you tried to remove the search peer and adding it back again? Note that you need the proper credentials for the splunkd (i.e. indexer) you want to add back as a search peer.

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...