Deployment Architecture

How to resolve issue after updating HF: 'Indicator 'ingestion_latency_gap_multiplier' exceeded configured value...'?

SplunkforBektas
Engager

Hi everyone, 

After upgrading heavyforwarder to ver 9 , we've  encountered following error "Indicator 'ingestion_latency_gap_multiplier' exceeded configured value. The observed value is 1219. Message from 60F7CA48-C86F-47AD-B6EF-0B79273913A8:172.20.161.1:55892" .  Could you please assist to resolve the issue ?

Labels (1)

youngsuh
Contributor

I started having the issue after upgrade 9.0.3.  Did you ever resolve?

0 Karma

humrish_b
Explorer

Hi All,

 

We have also started observing this error after upgrade to 9.0.1, in few forums it was discussed that it will resolved in next Splunk version 9.0.2. Now we have upgraded all our Splunk to 9.0.2 but still we observing this error in our Splunk instances.

If anyone has found any solutions kindly let us know.

0 Karma

bahlgrim
New Member

Forgot to add the error:  "the health indicator "ingestion_latency_indexer_health" is red due to the following: "Indicator 'ingestion_latency_gap_multiplier' exceeded configured value."

0 Karma

foxtrade
Observer

Just synchronize the time zone of your machines. Because splunk think there is a delay in the transmission of your data

0 Karma

jbcharvetmatric
Explorer

Same problem here with few differences :

- errors start occuring after upgrading to Splunk9 all instances except UF

- half of UF are Splunk8.2, other half 9.0

 

  • Root Cause(s): :
    • Indicator 'ingestion_latency_gap_multiplier' exceeded configured value. The observed value is 15116027. Message from <guid of i-don't-know-what maybe a UF>:<ip of i-don't-know-what>:63981
    • Indicator 'ingestion_latency_gap_multiplier' exceeded configured value. The observed value is 1109533. Message from <an other guid of i-don't-know-what>:<an other ip of i-don't-know-what>:61771
  • Unhealthy Instances:
    • indexer 1 of site 1
    • indexer 2 of site 1 (cluster of 4 indexers on 2 site in total)

     

 

 

I'm investigating, if I fin'd info or the solution I'll comment here! Good luck with your searches!

0 Karma

sirajnp
Path Finder

Hi,

 

Did you find any solution for this?

0 Karma

SplunkforBektas
Engager

no

0 Karma

bahlgrim
New Member

Has anyone found a solution to this? I'm seeing he same problem after upgrading indexers and search head to 9.0.1. Our UF's are at v8.0.3. Those are about to be upgraded after we fix the forwarding problem (also caused by upgrade).

0 Karma
Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

Cisco Use Cases, ITSI Best Practices, and More New Articles from Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...