ERROR Timeliner - xyz Events missing due to corrup...

pragycho · ‎02-14-2021

Hi ,

We noticed errors in the splunkd.log.

These are all the messages from Timeliner that appears on the search head :

Error

11-11-2020 18:15:23.008 +0100 WARN Timeliner - Error requesting remote event from https://xyz return code 404

11-11-2020 18:15:23.011 +0100 ERROR Timeliner - 50 Events missing due to corrupt or expired remote artifact(s).

11-11-2020 18:15:28.389 +0100 ERROR Timeliner - 50 Events missing due to corrupt or expired remote artifact(s).

11-11-2020 18:15:29.204 +0100 ERROR Timeliner - 36 Events missing due to corrupt or expired remote artifact(s).

11-11-2020 18:15:29.686 +0100 ERROR Timeliner - 50 Events missing due to corrupt or expired remote artifact(s).

12-04-2020 20:24:12.263 +0100 WARN Timeliner - Error requesting remote event from https://xyz, return code 404

12-04-2020 20:24:12.266 +0100 ERROR Timeliner - 50 Events missing due to corrupt or expired remote artifact(s).

Could you, please, check and advise on this?

tscroggins · ‎02-20-2021

@pragycho

I've not seen this error before, but I would guess it was an issue accessing or reading the contents of the dispatch directory on the search peer. Is additional error detailed provided in the peer log? Have you provided diag bundles from the search head and search peer to Splunk support?

ERROR Timeliner - xyz Events missing due to corrupt or expired remote artifact(s).

search job inspector

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

What’s New in Splunk Cloud Platform 9.1.2308?