Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

"search head Timed out waiting for peer" How can I check the network health between a search head and indexer?

nivedita_viswan
Path Finder
‎03-11-2015 11:34 AM

Our environment consists of 1 indexer and 1 search head. Our indexer is currently indexing close to 400GB per day, since we are catching up on historical data. In another week, this should reduce to about 20GB per day.
Meanwhile, we are running a few saved searches on the search head, which would normally run for a few hours. However, we always see the error: 

Timed out waiting for peer xx-xxxx-xxx. If this occurs frequently, receiveTimeout in distsearch.conf may need to be increased. Search results might be incomplete!

I have increased receiveTimeout to 900s. I am planning on adding the following stanza to distsearch.conf to reduce the knowledge bundle size:

[replicationWhitelist]
allConf = *.conf
allSpec = *.spec

I know that there may be network issues that are causing the problem. Are there any commands I can use to check the network health between the search head and indexer?
Any other suggestions to avoid this message would be welcome.

Reply
1 Solution
Solved! Jump to solution
Solution

nivedita_viswan
Path Finder
‎04-08-2015 10:35 AM

It turns out the problem was the nature of the query itself. Since the query was searching for sparse events, there were cases where it would run for 900s, and actually have nothing to return.
Increasing the timeout to a much larger value solved the problem

View solution in original post

Reply
Solved! Jump to solution
Solution

nivedita_viswan
Path Finder
‎04-08-2015 10:35 AM

It turns out the problem was the nature of the query itself. Since the query was searching for sparse events, there were cases where it would run for 900s, and actually have nothing to return.
Increasing the timeout to a much larger value solved the problem

Reply
Solved! Jump to solution

brodriguez
Splunk Employee
Splunk Employee
‎07-17-2023 09:18 AM

Could you please specify which timeout setting did you increase?

0 Karma
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎07-17-2023 11:06 AM

You're digging up an 8 years old thread. I wouldn't expect an answer from its original participants...

0 Karma
Reply
Solved! Jump to solution

dflodstrom
Builder
‎03-18-2015 10:17 AM

Have you covered the basics with ping, traceroute, and telnet?

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...