Hi,
as I understand it is a multi-site cluster with 2 sites. The replicas are always forced to be on the other site. For searchhead we have no special conditions.

We run a relative old version 6.4.4.

Cheers,
Marco

Hi @marcohoffmann,

Ah, okay. So 6.4.4 does not have the fix for SPL-136734/SPL-100516, which addresses multiple issues with delete propagation, so upgrading may address your issue. However we are also tracking an issue internally, SPL-138846, which is specific to multisite clusters. Unfortunately there's no fix available for that issue as yet, but it is being worked on.

Cheers,

- Jo.

Thank you, we will do it asap. For some interests, where can I found in which release this issues SPL-136734/SPL-100516 were solved?

Hi @marcohoffmann,

For the 6.4 series, it was fixed in 6.4.7; see here: https://docs.splunk.com/Documentation/Splunk/6.4.7/ReleaseNotes/6.4.7

For later versions, it's fixed in 6.5.3, and all versions from 6.6.0 onwards.

Good luck! &:)

Cheers,

- Jo.

We are using a multisite indexcluster (replicate 1 copy to a different location) and we are also having issues using 'delete' from our SHC.

Events are reappering after we issued the delete command.

Is there still a bug or is the mentioned multisite issue already fixed?
We are currently on 7.3.3.

Hi @HansWurscht,

The fix for SPL-138846 is still in progress.

Cheers,

- Jo.