Deployment Architecture

How to resolve issue after updating HF: 'Indicator 'ingestion_latency_gap_multiplier' exceeded configured value...'?

SplunkforBektas
Engager

Hi everyone, 

After upgrading heavyforwarder to ver 9 , we've  encountered following error "Indicator 'ingestion_latency_gap_multiplier' exceeded configured value. The observed value is 1219. Message from 60F7CA48-C86F-47AD-B6EF-0B79273913A8:172.20.161.1:55892" .  Could you please assist to resolve the issue ?

Labels (1)

youngsuh
Contributor

I started having the issue after upgrade 9.0.3.  Did you ever resolve?

0 Karma

humrish_b
Explorer

Hi All,

 

We have also started observing this error after upgrade to 9.0.1, in few forums it was discussed that it will resolved in next Splunk version 9.0.2. Now we have upgraded all our Splunk to 9.0.2 but still we observing this error in our Splunk instances.

If anyone has found any solutions kindly let us know.

0 Karma

bahlgrim
New Member

Forgot to add the error:  "the health indicator "ingestion_latency_indexer_health" is red due to the following: "Indicator 'ingestion_latency_gap_multiplier' exceeded configured value."

0 Karma

foxtrade
Observer

Just synchronize the time zone of your machines. Because splunk think there is a delay in the transmission of your data

0 Karma

jbcharvetmatric
Explorer

Same problem here with few differences :

- errors start occuring after upgrading to Splunk9 all instances except UF

- half of UF are Splunk8.2, other half 9.0

 

  • Root Cause(s): :
    • Indicator 'ingestion_latency_gap_multiplier' exceeded configured value. The observed value is 15116027. Message from <guid of i-don't-know-what maybe a UF>:<ip of i-don't-know-what>:63981
    • Indicator 'ingestion_latency_gap_multiplier' exceeded configured value. The observed value is 1109533. Message from <an other guid of i-don't-know-what>:<an other ip of i-don't-know-what>:61771
  • Unhealthy Instances:
    • indexer 1 of site 1
    • indexer 2 of site 1 (cluster of 4 indexers on 2 site in total)

     

 

 

I'm investigating, if I fin'd info or the solution I'll comment here! Good luck with your searches!

0 Karma

sirajnp
Path Finder

Hi,

 

Did you find any solution for this?

0 Karma

SplunkforBektas
Engager

no

0 Karma

bahlgrim
New Member

Has anyone found a solution to this? I'm seeing he same problem after upgrading indexers and search head to 9.0.1. Our UF's are at v8.0.3. Those are about to be upgraded after we fix the forwarding problem (also caused by upgrade).

0 Karma
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...