Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Cannot find bundles for search peer

p_vitale
Explorer
‎03-11-2015 08:25 AM

Hi,

I'm deployed a single-site cluster with Master Node, Search Head and two Indexer.
The architecture works fine, but into the "splunkd.log" file of the both Indexer there is the following error:

ERROR SearchPeerBundlesSetup - Cannot find bundles for search peer: MASTENODE

where the MASTENODE is the hostname of the master node machine.

Which kind of problem could be it?
How I can eliminate it?

Into the Master Node UI "Indexer Clustering: Master Node"
1.the number of peers is correct,
2.the number of indexes is correct (and also the states)
3.but the number of Search Head is wrong, that is there are two instances of search head,
one is correct (the search head configured)
and the other one is the master node (why?)

The version of Splunk is 6.2.0

Thanks.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

p_vitale
Explorer
‎03-13-2015 02:51 AM

The problem was the configuration about Distribuited Search into the master node, it was disabled.
So if it is enabled, the indexers are happy about it and they don't give any error about "find bundles for search peer: MASTENODE".

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

p_vitale
Explorer
‎03-13-2015 02:51 AM

The problem was the configuration about Distribuited Search into the master node, it was disabled.
So if it is enabled, the indexers are happy about it and they don't give any error about "find bundles for search peer: MASTENODE".

0 Karma
Reply
Solved! Jump to solution

mhouse333
Loves-to-Learn Lots
‎09-28-2021 11:39 AM
@p_vitale wrote:

The problem was the configuration about Distribuited Search into the master node, it was disabled.
So if it is enabled, the indexers are happy about it and they don't give any error about "find bundles for search peer: MASTENODE".

Would you please provide specifics on what you changed in the distsearch.com?

0 Karma
Reply
Solved! Jump to solution

esix_splunk
Splunk Employee
Splunk Employee
‎03-12-2015 02:24 AM

Try removing your clustering configuration from the Search Heads, and then re-add them to the cluster. Additionally, check permissions on the search heads and that you have enough disk space.

0 Karma
Reply
Solved! Jump to solution

p_vitale
Explorer
‎03-12-2015 03:13 AM

I removed the single Search Head of the cluster from the architecture, and I re-added it into the cluster, but the error is still into the indexer's log.
The search head has enough disk space.
Which kind of permissions I have to check on the search head, in order to resolv this problem?

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...