I am receiving the following error message in my splunkd log. DistributedBundleReplicationManager - bundle replication to 1 peer(s) took too long. Do you know what is causing it and how I can fix it?
This is caused by stuff being replicated from the SH to the indexer. AFAIK, this is most often just a warning that it took long time, not TOO long time. So normally your bundle got replicated, but it took more than X seconds.
Quite likely you have some large piece of data in one of your apps (MAXMIND is one I've come across that contains a lot of data).
I also need to mention that I only have one search head, one indexer and 39 universal forwarders. I am not sure why this is warnining for distributed bundle replication.
