Error message Failed to sync collection and invest...

zdrazil · ‎07-11-2019

I am getting below error message.

2019-07-11 09:36:25,643+0000 ERROR pid=18084 tid=MainThread file=configuration_check.py:run:228 | status="completed" task="confcheck_es_sync_investigation_xrefs" message="Failed to sync xref collection and investigations: Could not get investigation notable xrefs"

I have single-instance environment with fresh installation of Splunk Enterprise 7.2.7 and ES 5.3.0. I excluded all add-on during ES installation.

Can you please explain why this error message is coming and is there any impact on Splunk or ES?

thanks in advance for your reply
Michal

zdrazil · ‎07-22-2019

I've solved it. 🙂 It is not right solution. I've reinstalled Splunk and ES. The error is gone.

lakshman239 · ‎07-20-2019

Pls check the health of the kvstore and may need a restart again.

zdrazil · ‎07-22-2019

I've checked kvstore status by command:

./splunk show kvstore-status

Status is ready.

I am not sure how to check health of kvstore. You mean Monitoring console/Health check?

Error message Failed to sync collection and investigations

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Join the Conversation

Error message Failed to sync collection and investigations

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+