Dashboards & Visualizations

Why am I getting this error message in my dashboard panel? "Unknown error for peer host name. Search Results might be incomplete. If this occurs frequently, please check on the peer"

Hemnaath
Motivator

Hi All, Currently I am facing an issue in a few of the dashboard panels that used to send a report on License Metrics. Now we are not getting the events data for some of the dashboard panels and instead we are seeing this message popup in the dashboard panel.

"Unknown error for peer host name. Search Results might be incomplete. If this occurs frequently, please check on the peer"

When checked by executing the open search I see no result found and by breaking the query until index=summary, we see events but not when we run full query as mentioned below.

earliest=-1d@d latest=@d index=summary category=splunk_metric subcategory=indexing src_type=license_usage
| eval gb=(b/1024/1024/1024)
| timechart span=1h sum(gb) as GB by st

Kindly guide me how to troubleshoot this issue and which log files I should check for the error details.

Thanks in advance.

0 Karma

srinathd
Contributor
0 Karma

Hemnaath
Motivator

Hi All, Sorry for delayed response on this issue, still I am facing this issue, when executed the query , could notice that all the three fields name are missing in the events from last month. But we could see the events getting indexed to the index=summary but below three fields are missing. Need to create dashboard for Prev Day Log Volume by Sourcetype (1h spans) & Prev 7 Days Splunk Log Volume by Sourcetype.

Field name
category=splunk_metric
subcategory=indexing
src_type=license_usage

how to get this fixed. Could you please provide me some help on this issue.
Thanks in advance.

0 Karma

Hemnaath
Motivator

Hi All, Can any one guide me on this issue. I am not sure how to get the missing field name back in the index=summary , or is there a way to get required data "Prev Day Log Volume by Sourcetype (1h spans) & Prev 7 Days Splunk Log Volume by Sourcetype" for creation of dashboard without this fields.

Kindly guide me on this.

0 Karma

Hemnaath
Motivator

Hi All, Can any one guide me on this issue.

Thanks in advance.

0 Karma

Hemnaath
Motivator

Hi All, I have fixed the issue by using the below query and got the desired output.

Problem : Unable to fetch the data in the dashboard and reason was there is no field name present in the index=summary.

Missing filed name
category=splunk_metric
subcategory=indexing
src_type=license_usage

Solution : used index=_internal to get the log volume data by source type.
Query
earliest=-1d@d latest=@d index="_internal" source="*metrics.log" group="per_sourcetype_thruput" | eval GB=(kb/1024/1024/1024) | rename series as st | timechart span=1h sum(GB) by st

Worked fine.

0 Karma

adonio
Ultra Champion

hello there,
here is an accepted answer with same error:
https://answers.splunk.com/answers/506621/unknown-error-for-peer-xxx-search-results-might-be.html
if you have a Distributed Management Console (or MC) try and see if this particular is up.
also, try and search for errors and warning regarding this particular peer: index = _internal host = <YourPeerHere> log_level = error OR log_level = warn*
hope it helps

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...