Splunk Search

ERROR Timeliner - xyz Events missing due to corrupt or expired remote artifact(s).

pragycho
Loves-to-Learn

Hi ,

We noticed errors in the splunkd.log.

These are all the messages from Timeliner that appears on the search head :

Error

11-11-2020 18:15:23.008 +0100 WARN  Timeliner - Error requesting remote event from https://xyz return code 404

11-11-2020 18:15:23.011 +0100 ERROR Timeliner - 50 Events missing due to corrupt or expired remote artifact(s).

11-11-2020 18:15:28.389 +0100 ERROR Timeliner - 50 Events missing due to corrupt or expired remote artifact(s).

11-11-2020 18:15:29.204 +0100 ERROR Timeliner - 36 Events missing due to corrupt or expired remote artifact(s).

11-11-2020 18:15:29.686 +0100 ERROR Timeliner - 50 Events missing due to corrupt or expired remote artifact(s).

12-04-2020 20:24:12.263 +0100 WARN  Timeliner - Error requesting remote event from https://xyz, return code 404

12-04-2020 20:24:12.266 +0100 ERROR Timeliner - 50 Events missing due to corrupt or expired remote artifact(s).

Could you, please, check and advise on this?

Labels (1)
0 Karma

tscroggins
Influencer

@pragycho 

I've not seen this error before, but I would guess it was an issue accessing or reading the contents of the dispatch directory on the search peer. Is additional error detailed provided in the peer log? Have you provided diag bundles from the search head and search peer to Splunk support?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...