Re: Error message above search bar

bsantosh · ‎10-10-2018

Hi All,

When I am executing a search query something like "index=index1", I am getting the below error message above my search bar. I am still above fetch the results.

I have set the search mode to Verbose mode.

"! Some events cannot be displayed because they cannot be fetched from the remote search peer(s). This is likely caused by the natural expiration of the related remote search jobs. To view the omitted events, run the search again."

thanks,
Santosh

abeeber_3 · ‎10-25-2018

Have you checked your disk capacity on your SH?

I had a situation where a user reported a similar problem with one of his searches.

At the same time another user had submitted a number of searches that got stuck in the dispatch folder and ended up maxing out the disk space on the Search Server.

Once cleared, the other user's search ran as expected with out generated the error above.

richgalloway · ‎10-11-2018

Have you checked the connectivity to your indexers?

---
If this reply helps you, Karma would be appreciated.

bsantosh · ‎10-16-2018

Hi Richgalloway, thanks for your reply. I checked the connectivity with indexers and they look good.
Sorry for late reply.

Error message above search bar

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Developer Day announcements: AI agents, MCP tools, Forecasting, and Custom ...

Join the Conversation