Splunk Search

ERROR Timeliner - xyz Events missing due to corrupt or expired remote artifact(s).

pragycho
Loves-to-Learn

Hi,

We noticed errors in the splunkd.log.

These are all the messages from Timeliner that appear on the search head:

Error

11-11-2020 18:15:23.008 +0100 WARN  Timeliner - Error requesting remote event from https://xyz return code 404

11-11-2020 18:15:23.011 +0100 ERROR Timeliner - 50 Events missing due to corrupt or expired remote artifact(s).

11-11-2020 18:15:28.389 +0100 ERROR Timeliner - 50 Events missing due to corrupt or expired remote artifact(s).

11-11-2020 18:15:29.204 +0100 ERROR Timeliner - 36 Events missing due to corrupt or expired remote artifact(s).

11-11-2020 18:15:29.686 +0100 ERROR Timeliner - 50 Events missing due to corrupt or expired remote artifact(s).

12-04-2020 20:24:12.263 +0100 WARN  Timeliner - Error requesting remote event from https://xyz, return code 404

12-04-2020 20:24:12.266 +0100 ERROR Timeliner - 50 Events missing due to corrupt or expired remote artifact(s).

Could you, please, check and advise on this?

0 Karma

tscroggins
Influencer

@pragycho 

I've not seen this error before, but I would guess it was an issue accessing or reading the contents of the dispatch directory on the search peer. Is additional error detail provided in the peer log? Have you provided diag bundles from the search head and search peer to Splunk support?

0 Karma