Hi
I have a Splunk distributed architecture with 5 indexers and 3 SHC, but currently I am facing an issue.
On the Distributed Management Console, all aspects are looking good and normal, except the alert notification below.
*DMC Alert - Saturated Event-Processing Queues - One or more of your indexer queues is reporting a fill percentage, averaged over the last 15 minutes, of 90% or more.*
At the same time, on the SHC web, the message notification below occurred.
*Search peer indexer1 has the following message: Too many streaming errors to target=indexer2. Not rolling hot buckets on further errors to this target. (This condition might exist with other targets too. Please check the logs)*
Kindly guide me and let me know what I am supposed to do in this situation.
Thanks.