Hi,
Update:
We noticed that the issue also happens when performing a search on the _audit index!! As you can see below, only 3 of the 4 indexers retrieve information
Hi,
Case opened with Splunk on this issue. Indexers randomly missing when performing a search from the SH on various indexes. It seems to be linked with this error; moreover, we don't have it in the search.log when all indexers are displayed in the splunk-server field (i.e. for a search with no problem).
Hi,
In a multisite distributed search environment with 1 search head and 4 indexers, it seems that the search head has difficulty retrieving answers from the different indexers. Found this error in the search result of the search head:
ERROR SearchResultParserExecutor - Encountered an error deserializing SearchResultsInfo from ResultsStream header.
Does anybody know if it is linked and how to fix it?
Splunk Enterprise 6.3.1
Thanks for your answer! Problem solved => multi-site configuration, need to put site=site0 in server.conf on the search head to perform searches across all sites!
Hi,
In distributed mode with 1 search head and 4 indexers, when making a search through the search head, 2 of the 4 indexers are not showing indexed data except internal logs of other Splunk infrastructure elements. The indexer is reachable, searchable and indexing data of different equipment. Anyone got an idea? (version 6.3.1)
Thanks!