Hi,
we have strange events in our internal index; we are assuming the loss of data. Could someone please help us find the cause? We can provide the following logs:
06-26-2018 10:58:07.829 +0200 ERROR StreamGroup - failed to drain remainder total_sz=4 bytes_freed=1123 avg_bytes_per_iv=280 sth=0x7f1840bffd70: [1530003401, /hot-index/local/fw_vpn/db/hot_v1_369, 0x7f1806d64ca0] reason=st_sync failed rc=-6 warm_rc=[-4,17]
06-26-2018 10:13:07.674 +0200 ERROR StreamGroup - failed to add corrupt marker to dir=/hot-index/local/_internal/db/hot_v1_2211 errno=File exists
06-26-2018 09:38:29.530 +0200 ERROR StreamGroup - unexpected rc=-8 from IndexableValue->index
06-26-2018 04:39:54.208 +0200 ERROR StreamGroup - failed to add corrupt marker to dir=/hot-index/local/windows_server_security/db/hot_v1_764 errno=File exists
06-26-2018 11:25:10.106 +0200 WARN HttpListener - Socket error from 127.0.0.1 while idling: error:1409441B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error
06-26-2018 10:49:26.112 +0200 WARN HttpListener - Socket error from 160.xx.xxx.xx while accessing /services/streams/search: Broken pipe
We are using Splunk 6.6.4 (Build 00895e76d346).
If you need more info, please ask. Thank you in advance for any help on this.
Best wishes
Ron