Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to delay with search result when run via Splunk API?

surabhi
New Member
‎03-24-2023 03:24 AM

Hi,

 

We have a platform where lot of dashboards are populated using splunk searches via splunk api call.

All the query runs fine and brings results in 30-40 secs however there is one query which brings results in around 5 mins. The query is not complex and runs within seconds on splunk search heads and I also used postman to check how long it takes- it was around seconds on postman as well. I beleive there is no issue at query end.

I checked the splunk logs for that particular SID which took 5 mins to run: I see below ERROR logs:

ERROR SHCRepJob [18757 SHPPushExecutorWorker-0] - failed job=SHPRepJob peer="splunk-search head", guid="xxx" aid=xxx, tgtPeer="splunk-search head ", tgtGuid="xxx", tgtRP=xxx, useSSL=false tgt_hp=xx:8089 tgt_guid=xx replicate?output_mode=json, error=500 - Failed to trigger replication (artifact='xxx Job id') (err='event=SHPSlave::replicateArtifactTo invalid status=alive to be a source for replication')

Any idea about this error. Because i do see this error on other queries SID which are running fine. I am not sure what exactly is the reason for delay.

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

 Clayton Homes faced the increased challenge of strengthening their security posture as they went through ...

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

We’re happy to announce the release of Mission Control 2.3 which includes several new and exciting features ...

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Python 2.7, the last release of Python 2, reached End of Life back on January 1, 2020. As part of our larger ...