Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why are my accelerated reports not leaving the "Summarization not started" state?

chustar
Path Finder
‎10-11-2017 10:06 AM

In my search head cluster, one of my accelerated searches does not seem to be able to run its summarization.

It's summary status keeps flipping between:

Summarization not started
and

0% Complete

It also reports that: Last Updated: 22h 59m ago.

How do I diagnose why this report does not run?

Edit:
I was seeing this error in the splunkd.log:

Line 90050: 10-11-2017 10:10:49.817 -0700 ERROR SHCRepJob - failed to delegate job job=SHPDelegateSearchJob peer="TC-SPLUNKSRCH2", guid="<GUID>" saved_search=system;; err=error accessing https://<SEARCHHEAD2>:8089/servicesNS/a-markle/search/shcluster/member/delegatejob/_ACCELERATE_<SEAR..., statusCode=404, description=Not Found

But after a rolling restart of the cluster, it seems to be running again:
Its summary status is now reporting as:

Building summary - 6%

0 Karma
Reply

blacknight659
Explorer
‎10-11-2017 10:12 AM

This is a tough one.

Can you check the job inspector or perhaps the splunkd.log? ,Hard to say what is happening. Can you post anything from the job inspector or perhaps the splunkd.log?

0 Karma
Reply

chustar
Path Finder
‎10-11-2017 11:08 AM

Thanks, I've updated the question with an error from the splunkd.log.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...