Splunk Enterprise Security

Error message Failed to sync collection and investigations

zdrazil
New Member

I am getting below error message.

2019-07-11 09:36:25,643+0000 ERROR pid=18084 tid=MainThread file=configuration_check.py:run:228 | status="completed" task="confcheck_es_sync_investigation_xrefs" message="Failed to sync xref collection and investigations: Could not get investigation notable xrefs"

I have single-instance environment with fresh installation of Splunk Enterprise 7.2.7 and ES 5.3.0. I excluded all add-on during ES installation.

Can you please explain why this error message is coming and is there any impact on Splunk or ES?

thanks in advance for your reply
Michal

0 Karma

zdrazil
New Member

I've solved it. 🙂 It is not right solution. I've reinstalled Splunk and ES. The error is gone.

0 Karma

lakshman239
Influencer

Pls check the health of the kvstore and may need a restart again.

0 Karma

zdrazil
New Member

I've checked kvstore status by command:

./splunk show kvstore-status

Status is ready.

I am not sure how to check health of kvstore. You mean Monitoring console/Health check?

0 Karma
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...