Splunk Enterprise

Different Time to Reap Knowledge Bundle Directory between search peers

francoisternois
Path Finder

Hi,

I have a difference between 2 search peers, both members of my indexer cluster, for the time to Reap Knowledge Bundle Directory. The average of the first one is about 2~3s whereas the second one is about 30s (or more). The hardware is the same, no huge difference in the network.

It seems that the first one receive most of the time delta bundle but the 2nd one mainly baseline. I think that why it take more time - the bundles are bigger.

It results that sometimes the searches are really slow or fail. Any idea to solve this?

Regards,

Francois

Labels (1)
Tags (2)
0 Karma
1 Solution

francoisternois
Path Finder

Hi,

This was due to hardware issue on the RAID group.

Regards,

Francois

View solution in original post

0 Karma

francoisternois
Path Finder

Hi,

This was due to hardware issue on the RAID group.

Regards,

Francois

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...