Why do I get the following messages in splunkd.log after installing Splunk Universal Forwarder in a GCP instance? 12-16-2022 10:49:12.021 +0000 WARN AwsSDK [1903 ExecProcessor] - ClientConfiguration Retry Strategy will use the default max attempts. 12-16-2022 10:49:12.021 +0000 WARN AwsSDK [1903 ExecProcessor] - ClientConfiguration Retry Strategy will use the default max attempts. 12-16-2022 10:49:12.023 +0000 ERROR AwsSDK [1903 ExecProcessor] - EC2MetadataClient Http request to retrieve credentials failed with error code 404 12-16-2022 10:49:12.023 +0000 ERROR AwsSDK [1903 ExecProcessor] - EC2MetadataClient Can not retrive resource from http://169.254.169.254/latest/meta-data/placement/availability-zone   ... View more

what is the cause and solution for the following error? ERROR HttpClientRequest - HTTP client error=Connection closed by peer while accessing server=https://aws-ix-s2ioadata-backet-598294183213.s3-ap-northeast-1.amazonaws.com for request=https://aws-ix-s2ioadata-backet-598294183213.s3-ap-northeast-1.amazonaws.com/warmdata/ioaadsecurity/dma/f7/bb/812~2B94CFE8-9DC3-4E45-9ADF-CAF58B0CDDFE/89513704-8894-4CFC-AC58-9BF7D36B3B59_DM_Splunk_SA_CIM_Web/guidSplunk-2B94CFE8-9DC3-4E45-9ADF-CAF58B0CDDFE/metadata_checksum. ... View more

Do all HOT buckets of one indexer migrate to WARM buckets and create small buckets because the connection between the indexer and the cluster master was broken? ... View more

I have a indexer cluster and I have a Search head where ITSI is installed. I am planning on upgrading my Splunk environment. Do I have to perform any precautions in my ITSI instance?   ... View more

How does Splunk performance affect, when the status of "buckets_created_last_60m" and "percent_small_buckets_created_last_24h" became red in health check? ... View more

What is the time interval for predictive health score calculation cycle? Is it possible to set the predictive health score calculation cycle to 1-minute intervals? ... View more

The splunkd health has the following message:  The percentage of non-high priority searches skipped (97%) over the last 24 hours is very high and exceeded the red thresholds (20%) on this Splunk instance.  How do find what searches are high priority and what are non-high priority search in splunk? ... View more

We have implemented a real-time search in [Alerts] of Splunk that sends out an email when the corresponding search result is output. When multiple logs (error logs) are output to Splunk at the same time (timing), multiple e-mails are sent out, but we want the e-mails to be received in the order in which the logs were output, but the order in which the e-mails are received is different from the order in which the logs were output, and they are scattered. ※Splunk search results are output in the order in which the logs were generated. Example： ================ ■Splunk Side 01/01 00:00 Real-time search is executed & alert is triggered because alert condition (1) is met (Alert (1)) 01/01 00:00 Real-time search is executed & alert is triggered because alert condition (2) is met (Alert (2)) 01/01 00:00 Real-time search is executed & alert is triggered because alert condition (3) is met (Alert (3))  ■Mail receiving side 01/01 00:01 Mail received（Alert 2） 01/01 00:02 Mail received（Alert 3） 01/01 00:03 Mail received（Alert 1） ================ ※Mail is received in a scattered order.   How to receive emails in the same order as triggered alert? ... View more