Hi All,

We have also started observing this error after upgrade to 9.0.1, in few forums it was discussed that it will resolved in next Splunk version 9.0.2. Now we have upgraded all our Splunk to 9.0.2 but still we observing this error in our Splunk instances.

If anyone has found any solutions kindly let us know.

Forgot to add the error:  "the health indicator "ingestion_latency_indexer_health" is red due to the following: "Indicator 'ingestion_latency_gap_multiplier' exceeded configured value."

Just synchronize the time zone of your machines. Because splunk think there is a delay in the transmission of your data

Same problem here with few differences :

- errors start occuring after upgrading to Splunk9 all instances except UF

- half of UF are Splunk8.2, other half 9.0

• Root Cause(s): :
  • Indicator 'ingestion_latency_gap_multiplier' exceeded configured value. The observed value is 15116027. Message from <guid of i-don't-know-what maybe a UF>:<ip of i-don't-know-what>:63981
  • Indicator 'ingestion_latency_gap_multiplier' exceeded configured value. The observed value is 1109533. Message from <an other guid of i-don't-know-what>:<an other ip of i-don't-know-what>:61771
• Unhealthy Instances:

  • indexer 1 of site 1
  • indexer 2 of site 1 (cluster of 4 indexers on 2 site in total)

   

I'm investigating, if I fin'd info or the solution I'll comment here! Good luck with your searches!

Hi,

Did you find any solution for this?