Hi ,
We noticed errors in the splunkd.log.
These are all the messages from Timeliner that appears on the search head :
Error
11-11-2020 18:15:23.008 +0100 WARN Timeliner - Error requesting remote event from https://xyz return code 404
11-11-2020 18:15:23.011 +0100 ERROR Timeliner - 50 Events missing due to corrupt or expired remote artifact(s).
11-11-2020 18:15:28.389 +0100 ERROR Timeliner - 50 Events missing due to corrupt or expired remote artifact(s).
11-11-2020 18:15:29.204 +0100 ERROR Timeliner - 36 Events missing due to corrupt or expired remote artifact(s).
11-11-2020 18:15:29.686 +0100 ERROR Timeliner - 50 Events missing due to corrupt or expired remote artifact(s).
12-04-2020 20:24:12.263 +0100 WARN Timeliner - Error requesting remote event from https://xyz, return code 404
12-04-2020 20:24:12.266 +0100 ERROR Timeliner - 50 Events missing due to corrupt or expired remote artifact(s).
Could you, please, check and advise on this?
I've not seen this error before, but I would guess it was an issue accessing or reading the contents of the dispatch directory on the search peer. Is additional error detailed provided in the peer log? Have you provided diag bundles from the search head and search peer to Splunk support?