Deployment Architecture

How to resolve issue after updating HF: 'Indicator 'ingestion_latency_gap_multiplier' exceeded configured value...'?

SplunkforBektas
Engager

Hi everyone, 

After upgrading heavyforwarder to ver 9 , we've  encountered following error "Indicator 'ingestion_latency_gap_multiplier' exceeded configured value. The observed value is 1219. Message from 60F7CA48-C86F-47AD-B6EF-0B79273913A8:172.20.161.1:55892" .  Could you please assist to resolve the issue ?

Labels (1)

youngsuh
Contributor

I started having the issue after upgrade 9.0.3.  Did you ever resolve?

0 Karma

humrish_b
Explorer

Hi All,

 

We have also started observing this error after upgrade to 9.0.1, in few forums it was discussed that it will resolved in next Splunk version 9.0.2. Now we have upgraded all our Splunk to 9.0.2 but still we observing this error in our Splunk instances.

If anyone has found any solutions kindly let us know.

0 Karma

bahlgrim
New Member

Forgot to add the error:  "the health indicator "ingestion_latency_indexer_health" is red due to the following: "Indicator 'ingestion_latency_gap_multiplier' exceeded configured value."

0 Karma

foxtrade
Observer

Just synchronize the time zone of your machines. Because splunk think there is a delay in the transmission of your data

0 Karma

jbcharvetmatric
Explorer

Same problem here with few differences :

- errors start occuring after upgrading to Splunk9 all instances except UF

- half of UF are Splunk8.2, other half 9.0

 

  • Root Cause(s): :
    • Indicator 'ingestion_latency_gap_multiplier' exceeded configured value. The observed value is 15116027. Message from <guid of i-don't-know-what maybe a UF>:<ip of i-don't-know-what>:63981
    • Indicator 'ingestion_latency_gap_multiplier' exceeded configured value. The observed value is 1109533. Message from <an other guid of i-don't-know-what>:<an other ip of i-don't-know-what>:61771
  • Unhealthy Instances:
    • indexer 1 of site 1
    • indexer 2 of site 1 (cluster of 4 indexers on 2 site in total)

     

 

 

I'm investigating, if I fin'd info or the solution I'll comment here! Good luck with your searches!

0 Karma

sirajnp
Path Finder

Hi,

 

Did you find any solution for this?

0 Karma

SplunkforBektas
Engager

no

0 Karma

bahlgrim
New Member

Has anyone found a solution to this? I'm seeing he same problem after upgrading indexers and search head to 9.0.1. Our UF's are at v8.0.3. Those are about to be upgraded after we fix the forwarding problem (also caused by upgrade).

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...