Splunk Search

Why is the nodejs unable to perform a number of sequential queries?

faustf
Communicator

Hi guys,

I have a nodejs service that needs to perform number of sequential queries:
e.g:

search mysearch from 01/01/2018 00:00:00 to 00:05:00
search mysearch from 01/01/2018 00:05:00 to 00:10:00
search mysearch from 01/01/2018 00:10:00 to 00:15:00
....
....
until 14/01/2018 00:00:00

The queries are very fast ( < 1s)

In my tests environment I have no problem (Splunk version 6.5.2)

In my production environment (Splunk version: 6.6.2), after some queries I receive an error:

[SPLUNKD] Unknown sid.
error: SplunkSearcher.search :: Error {"response":{"headers":{"date":"Mon, 05 Feb 2018 12:45:31 GMT","expires":"Thu, 26 Oct 1978 00:00:00 GMT","cache-control":"no-store, no-cache, must-revalidate, max-age=0","content-type":"application/json; charset=UTF-8","x-content-type-options":"nosniff","content-length":"53","vary":"Cookie, Authorization","connection":"Close","set-cookie":["splunkd_8089=jlHwfXrZZNgO.....; Path=/; Secure; HttpOnly; Max-Age=3600; Expires=Mon, 05 Feb 2018 13:45:31 GMT"],"x-frame-options":"SAMEORIGIN","server":"Splunkd"},"statusCode":404},"status":404,"data":{"messages":[{"type":"FATAL","text":"Unknown sid."}]},"error":null}

The nodejs service and the Splunk server are on the same server.

What could be the problem and how can I debug it?

thank you

0 Karma

faustf
Communicator

No one can help me?

0 Karma

paramagurukarth
Builder

Even I had similar issue when I was working with nodeJs...
But in a different environment.. CLient Browser + Server NodeJs(web component)..

In my issue the problem was not with node js... It was with the client browser.. Maximum concurrent session for a domain is 6...

May be your issue is also in the consumer part.. nodejs mostly works fine..
Try investigate on your consumer side as well...
It may queue your requests...

0 Karma
Get Updates on the Splunk Community!

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...

DevSecOps: Why You Should Care and How To Get Started

 WATCH NOW In this Tech Talk we will talk about what people mean by DevSecOps and deep dive into the different ...