Deployment Architecture

StreamedSearch - Failed to create a bundles setup with server name

asetiawan
Explorer

I'm seeing this error message on the indexer frequently.
04-12-2013 19:05:53.085 +0000ERROR StreamedSearch - Failed to create a bundles setup with server name ''. Using peer's local bundles to execute the search, results might not be correct
and
04-12-2013 19:05:53.084 +0000 WARN StreamedSearch - Could not find bundles for search head provided checksum=5336122915231021645. Using latest bundles.

on the search head, I frequently see this error:
04-12-2013 19:58:11.004 +0000 ERROR ProcessDispatchedSearch - PROCESS_SEARCH - Error opening "": No such file or directory

When this happen, search head returns:
Search results may be incomplete, peer 's search ended prematurely. This may be caused by a variety of reasons, please consult logs on peer for details!

and no result is given. THe search head is a part of search head pooling. Anybody has seen this error before?

asetiawan
Explorer

For StreamedSearch error, time sync between our NFS server and the search head seems to be the issue. Once we turned on ntpd on all of them, I no longer see this issue. For some reason, the internal logs indicated that the full bundles is keep being sent over to the indexers instead (should be incremental).

For ProcessDispatchedSearch, I was told that it's a bug that has already been fixed on the later version. If I recall correctly, it has something to do with zipping and unzipping bug.

0 Karma

johnstetter
Explorer

Did you ever get this one resolved? Observing similar behavior on our 5.0.4 installation.

0 Karma

cpetterborg
SplunkTrust
SplunkTrust

I found the answer to my problem. A system administrator had mounted another NFS file system over the top of the shared data filesystem. This happened on two of our indexers, so access to the data under that mount point was being hidden.

cpetterborg
SplunkTrust
SplunkTrust

I just started seeing these messages today. We are running 4.3 in a distributed environment.

Strype
Path Finder

I have the same exact problem. If someone answers or you figure it out would you let me know?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...