cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
jencot01
Loves-to-Learn Lots
Member since: ‎07-12-2021
‎05-24-2023
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎07-12-2021
View All

Re: Explain to me like I'm 4, indexes.conf, the st...

by in Deployment Architecture
‎05-24-2023 09:34 AM
‎05-24-2023 09:34 AM
I have a follow-up question on this explanation... If you have an index with this configuration: [index] homePath = volume:primary/index/db coldPath = volume:primary/index/colddb thawedPath = $SPLUNK_DB/index/thaweddb tstatsHomePath = volume:primary/index/datamodel_summary maxTotalDataSizeMB = 102400 frozenTimePeriodInSecs = 31536000 (one year) coldToFrozenDir = /splunkdata/frozen/$_index_name If the maxTotalDataSizeMB is reached before frozenTimePeriodInSecs, does the data get deleted without archiving first or does it get archived first since coldToFrozenDir is configured? ... View more

Re: Why the error "Socket error from [Search Head ...

by in Splunk Enterprise
‎10-20-2022 08:31 AM
‎10-20-2022 08:31 AM
To add to the above, I have also found this error in splunkd.log on the indexers: ERROR SearchProcessRunner  PreforkedSearchesManager-0   - preforked process = 0/253717  hung up This error aligns with the "broken pipe" error on my post above.  There are no skipped searches. I'm at a loss to what I steps I should take next to troubleshoot this issue.   Again, any help/suggestions would be appreciated. ... View more

What is this error "Socket error from [Search Head...

by in Splunk Enterprise
‎10-18-2022 12:09 PM
‎10-18-2022 12:09 PM
I have recently run into an issue with multiple "WARN HttpListener [HttpDedicatedIoThread:0] Socket error from [Search Head IP] while accessing /services/streams/search: broken pipe" for each Indexer in the Index cluster. There is a SH cluster, and a standalone SH. The standalone houses an app that does heavy backend searching. And the majority of the errors are from the standalone. When looking at the "I/O Operations per second" and "Storage I/O Saturation (cold/hot/opt)" from the Monitoring Console all instances are below 1%. I am not sure which settings to adjust to fix this error. Would adjusting the maxSockets and/or maxThreads in the server.conf help? Currently they are both set to default. Or should I be looking at values in limits.conf? This is happening on version 9.0.1. Any suggestions to help solve this would be much appreciated. Thanks! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎05-24-2023 06:36 PM