Solved: Search Head Cluster Error - acceptPush: non-200 s...

abalogh_splunk · ‎03-02-2017

Hello,

Are these error messages something to care about in a SHC on Splunk Enterprise 6.5.2? What do they mean?

Error pushing configurations to captain=h__x://SPLUNKSH:8089, consecutiveErrors=1 msg="Error in acceptPush: Non-200 status_code=400: ConfReplicationException: Cannot accept push with outdated_baseline_op_id=9d7db54d68936bf9017025f82645dec4ae96d16c; current_baseline_op_id=d0b8691592a4a2276b160e9680133672b2af1425"

abalogh_splunk · ‎03-02-2017

Answering my own question just to get this documented.

It can take a while for all the configurations to merge in a Search Head Cluster. If "consecutiveErrors=1" never exceeds the value of 1 it is spurious and can effectively be ignored. These messages pop up while the members of a search head cluster fight it out until they reach a common configuration baseline.

View solution in original post

abalogh_splunk · ‎03-02-2017

Answering my own question just to get this documented.

It can take a while for all the configurations to merge in a Search Head Cluster. If "consecutiveErrors=1" never exceeds the value of 1 it is spurious and can effectively be ignored. These messages pop up while the members of a search head cluster fight it out until they reach a common configuration baseline.

Search Head Cluster Error - acceptPush: non-200 status_code=400

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases