I'm currently testing a real-time search solution via the Java SDK.
My dev set-up consists of one search head and one indexer.
I've observed the following behavior in both the GUI and Java implementations of search.
GUI:
1. Start windowed real-time search on search head. Events found and displayed in GUI.
2. RESTART indexer.
3. Real-time search is still running but, no new data is registered.
4. Resubmit the same windowed real time search and see events again.
JAVA:
1. Connect to search head and start windowed real-time search. Events found and displayed.
2. RESTART indexer.
3. Real-time search job is returning dispatch state of RUNNING but, no new data is returned.
Why is it behaving this way and how do I capture this so I can try and reset it myself via Java?
Can I expect the same in a clustered indexer environment?
↧