Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What does status=delegated_remote OR status=delegated_remote_completion mean in the scheduler log?

ben_leung
Builder
‎02-18-2015 01:43 PM

If looking at scheduler log from a single search head in the search head cluster, what does status=delegated_remote OR status=delegated_remote_completion mean? Does it mean that the search that was running to the current search head move to another search peer to run and complete?

Reply

jcrabb_splunk
Splunk Employee
Splunk Employee
‎04-16-2015 11:03 AM

This is logged on the captain in scheduler.log when a remote job is delegated to a member and when a remote delegated job is completed on a member.

Jacob
Sr. Technical Support Engineer
Reply

BP9906
Builder
‎04-16-2015 07:28 PM

How do you determine the peer the search was sent to?
I have a 2 peer SH cluster and the captain says status=delegated_remote and we received no alert. Not to mention that the other peer (not captain) is configured to be adhoc searching only. So why did the captain delegate it?

0 Karma
Reply

sowings
Splunk Employee
Splunk Employee
‎06-27-2018 01:11 PM

member_label / member_guid / member_uri from the same message. I've seen the captain report that it delegated a search to itself.

0 Karma
Reply

awilliams_splun
Splunk Employee
Splunk Employee
‎02-13-2017 06:59 AM

How do you have a two peer SHC? At least 3 Search heads are required.

0 Karma
Reply

ben_leung
Builder
‎02-18-2015 04:06 PM

I have not yet seen the scheduler skip a search yet... Wondering how the log looks like when it does skip... Anyone experience this in SHC yet?

0 Karma
Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...