Unable to add search peer from search head using distributed search: no route to host or connection refused

RK_sp1unk
New Member

Issue: Unable to add search peer from search head using distributed search: no route to host or connection refused error

We have 5 instances:

search head license master
indexer
search head enterprise security
heavy forwarder
deployment server

All VM instances are created. We are now adding search peers from search head license master and search head enterprise security; the search peer would be the indexer.

Here, from search head LM we cannot telnet to the indexer on port 8089, but vice versa it is working.

Also, telnet from search head Enterprise Security to search head LM is connecting,

but we are unable to telnet to the indexer on port 8089 from both SH LM and SH ES.

While trying to add a new peer, if we put https://ipaddress:8089 we get the error no route to host.

If we put https://hostnameofindexer:8089 and add the peer, we get the error connection refused.

Splunk version: 8.0
VMware ESXi
OS: CentOS 8

This issue is very critical as the whole project is stuck now.

0 Karma

RK_sp1unk
New Member

This issue is resolved; it was a host name conflict.

0 Karma

RK_sp1unk
New Member

On my indexer, if I do netstat, it shows the port is used by SHLM, i.e.
it shows TCP connection established
SIX.localdomain:47206 10.200.5.51:8089

I am getting the below error while trying to add a search peer on SHLM and SHES.

From SHLM I can ping and telnet to the indexer.

From SHES I can also ping and telnet to the indexer.

For the remote user name and password, I am entering the admin username and password which I use to log in to the indexer web and which I created during the Splunk installation. Is this correct?

Error: Encountered the following error while trying to save: Peer with server name localhost.localdomain conflicts with this server's name.

Disabling the firewall on the indexer or the search heads... please clarify...

Tried disabling it on the indexer, no go...

Please check this at priority as I am stuck now.

0 Karma

nickhills
Ultra Champion

Everything in your post suggests that this is either a networking issue, or for some reason Splunk is not accepting connections.
The difference between the results of your browser tests is just an artifact of how your browser reports failures for IP vs DNS name.

  • On your indexers, run netstat to confirm that the ports are open on 8089.
  • Confirm your SH can ping/route to indexers
  • Confirm you have no hardware/application firewalls keeping connections out. On CentOS 8, you can try disabling the firewall temporarily with systemctl stop firewalld to see if that resolves the issue - remember to restart it and add rules if it does!
If my comment helps, please give it a thumbs up!
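
Added example, not written by any poster in this thread: the thread was resolved as a host name conflict, and the reply above recommends adding firewall rules rather than leaving firewalld stopped. The script reads serverName from the [general] stanza of server.conf text, flags identical names on search head and peer, and prints a firewalld rich rule limited to one search head; the sample configs, function names and the address 192.0.2.10 are constructed assumptions.

```shell
#!/bin/sh
# Added example; the configs, names and IP below are constructed placeholders.

# Print serverName from the [general] stanza of server.conf text on stdin.
server_name() {
  awk '
    /^[ \t]*\[/ { in_general = ($0 ~ /^[ \t]*\[general\]/); next }
    in_general && /^[ \t]*serverName[ \t]*=/ {
      sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
    }'
}

# Return 0 (and print why) when search head and peer report the same name,
# the condition behind "Peer with server name ... conflicts with this server's name."
name_conflict() {  # usage: name_conflict <search_head_name> <peer_name>
  if [ -n "$1" ] && [ "$1" = "$2" ]; then
    echo "conflict: both instances report serverName '$1'"
    return 0
  fi
  return 1
}

# Print (do not run) firewalld commands that admit one search head to 8089/tcp,
# the narrower alternative to leaving firewalld stopped on the indexer.
firewall_rule() {  # usage: firewall_rule <search_head_ip>
  printf '%s\n' \
    "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$1\" port port=\"8089\" protocol=\"tcp\" accept'" \
    "firewall-cmd --reload"
}

# Constructed server.conf contents for a search head and a cloned indexer VM.
SH_CONF='[general]
serverName = localhost.localdomain'
IDX_CONF='[constructed_stanza]
serverName = not-this-one
[general]
pass4SymmKey = placeholder
serverName = localhost.localdomain'

sh_name=$(printf '%s\n' "$SH_CONF" | server_name)
idx_name=$(printf '%s\n' "$IDX_CONF" | server_name)
if name_conflict "$sh_name" "$idx_name"; then
  echo "fix: set a unique serverName under [general] on each instance, then restart Splunk"
fi
firewall_rule 192.0.2.10
```

On a real deployment, feed each instance's own server.conf to server_name instead of the constructed strings.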