I am getting the error "Unable to distribute to peer named lonrs10457 at uri https://SPLUNK-IDX1:8089 because peer has status ="Authentication failed"" in our Search Head while executing any search. I have a distributed search setup. I have checked the status under Manager » Distributed search » Search peers. Only the Indexer is shown as up and running with Status=Up and Replication status=Successful.
That error typically means that you cannot search the remote peer. This can be due to privileges against the remote peer or a problem with how you have added it as a peer. The authentication to a remote peer is tokenized, so if it previously worked then it is likely that there may be a connectivity problem or a change in that token.
You also have to make sure you are not using the default admin password (i.e. changeme), as this will not work... but then I'd assume you are not if you have already added it... but then again, assume nothing 🙂
Have you tried removing the search peer and adding it back again? Note that you need the proper credentials for the splunkd (i.e. indexer) you want to add back as a search peer.