Hi All, Currently I am facing an issue in a few of the dashboard panels that used to send a report on License Metrics. Now we are not getting the events data for some of the dashboard panels and instead we are seeing this message popup in the dashboard panel.
"Unknown error for peer host name. Search Results might be incomplete. If this occurs frequently, please check on the peer"
When I checked by executing the open search, I see no results found, and by breaking the query down to index=summary we see events, but not when we run the full query as mentioned below.
earliest=-1d@d latest=@d index=summary category=splunk_metric subcategory=indexing src_type=license_usage
| eval gb=(b/1024/1024/1024)
| timechart span=1h sum(gb) as GB by st
Kindly guide me how to troubleshoot this issue and which log files I should check for the error details.
Thanks in advance.
Please check this and search for SPL-99110
https://docs.splunk.com/Documentation/Splunk/6.6.2/ReleaseNotes/Knownissues
Hi All, Sorry for the delayed response on this issue. I am still facing this issue. When I executed the query, I noticed that all three field names are missing in the events from last month. We can see the events getting indexed to index=summary, but the three fields below are missing. I need to create a dashboard for Prev Day Log Volume by Sourcetype (1h spans) & Prev 7 Days Splunk Log Volume by Sourcetype.
Field names:
category=splunk_metric
subcategory=indexing
src_type=license_usage
How can I get this fixed? Could you please provide me some help on this issue?
Thanks in advance.
Hi All, Can anyone guide me on this issue? I am not sure how to get the missing field names back in index=summary, or is there a way to get the required data "Prev Day Log Volume by Sourcetype (1h spans) & Prev 7 Days Splunk Log Volume by Sourcetype" for creating the dashboard without these fields?
Kindly guide me on this.
Hi All, Can anyone guide me on this issue?
Thanks in advance.
Hi All, I have fixed the issue by using the below query and got the desired output.
Problem: Unable to fetch the data in the dashboard, and the reason was that the field names are not present in index=summary.
Missing field names:
category=splunk_metric
subcategory=indexing
src_type=license_usage
Solution: Used index=_internal to get the log volume data by source type.
Query:
earliest=-1d@d latest=@d index="_internal" source="*metrics.log" group="per_sourcetype_thruput" | eval GB=(kb/1024/1024) | rename series as st | timechart span=1h sum(GB) by st
Worked fine.
hello there,
here is an accepted answer with the same error:
https://answers.splunk.com/answers/506621/unknown-error-for-peer-xxx-search-results-might-be.html
if you have a Distributed Management Console (or MC), try and see if this particular peer is up.
also, try and search for errors and warnings regarding this particular peer:
index = _internal host = <YourPeerHere> log_level = error OR log_level = warn*
hope it helps