Dashboards & Visualizations

Why am I getting this error message in my dashboard panel? "Unknown error for peer host name. Search Results might be incomplete. If this occurs frequently, please check on the peer"

Hemnaath
Motivator

Hi All, Currently I am facing an issue in a few of the dashboard panels that used to send a report on License Metrics. Now we are not getting the events data for some of the dashboard panels and instead we are seeing this message popup in the dashboard panel.

"Unknown error for peer host name. Search Results might be incomplete. If this occurs frequently, please check on the peer"

When checked by executing the open search I see no result found and by breaking the query until index=summary, we see events but not when we run full query as mentioned below.

earliest=-1d@d latest=@d index=summary category=splunk_metric subcategory=indexing src_type=license_usage
| eval gb=(b/1024/1024/1024)
| timechart span=1h sum(gb) as GB by st

Kindly guide me how to troubleshoot this issue and which log files I should check for the error details.

Thanks in advance.

0 Karma

srinathd
Contributor
0 Karma

Hemnaath
Motivator

Hi All, Sorry for delayed response on this issue, still I am facing this issue, when executed the query , could notice that all the three fields name are missing in the events from last month. But we could see the events getting indexed to the index=summary but below three fields are missing. Need to create dashboard for Prev Day Log Volume by Sourcetype (1h spans) & Prev 7 Days Splunk Log Volume by Sourcetype.

Field name
category=splunk_metric
subcategory=indexing
src_type=license_usage

how to get this fixed. Could you please provide me some help on this issue.
Thanks in advance.

0 Karma

Hemnaath
Motivator

Hi All, Can any one guide me on this issue. I am not sure how to get the missing field name back in the index=summary , or is there a way to get required data "Prev Day Log Volume by Sourcetype (1h spans) & Prev 7 Days Splunk Log Volume by Sourcetype" for creation of dashboard without this fields.

Kindly guide me on this.

0 Karma

Hemnaath
Motivator

Hi All, Can any one guide me on this issue.

Thanks in advance.

0 Karma

Hemnaath
Motivator

Hi All, I have fixed the issue by using the below query and got the desired output.

Problem : Unable to fetch the data in the dashboard and reason was there is no field name present in the index=summary.

Missing filed name
category=splunk_metric
subcategory=indexing
src_type=license_usage

Solution : used index=_internal to get the log volume data by source type.
Query
earliest=-1d@d latest=@d index="_internal" source="*metrics.log" group="per_sourcetype_thruput" | eval GB=(kb/1024/1024/1024) | rename series as st | timechart span=1h sum(GB) by st

Worked fine.

0 Karma

adonio
Ultra Champion

hello there,
here is an accepted answer with same error:
https://answers.splunk.com/answers/506621/unknown-error-for-peer-xxx-search-results-might-be.html
if you have a Distributed Management Console (or MC) try and see if this particular is up.
also, try and search for errors and warning regarding this particular peer: index = _internal host = <YourPeerHere> log_level = error OR log_level = warn*
hope it helps

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!