Troubleshooting Search
  • 2 Minutes to read
  • Contributors
  • Dark
    Light
  • PDF

Troubleshooting Search

  • Dark
    Light
  • PDF

This document will help you to Troubleshoot the search issues and identify the blockages and resolve it.

The stages that query execution travels through are explained below.

Queuing of the Queries

  • Hourglass icon: This icon indicates that an executed query is in waiting stage.

image.png

  • Magnifying glass icon: This icon indicates that the executed query is out of the queue and is in the processing stage.

Processing of the Query

  • Magnifying glass icon in circular motion: This icon indicates that the executed query is out of the queue and is in the processing stage.

image.png

Successful Query Execution

  • Tick Mark: This icon indicates that the query has been successfully executed and the output for the triggered query will be displayed on screen.

image.png

  • Retry icon: This icon indicates that there was some error/failure in executing the query.

Error messages are specific to the issues encountered during the query execution process, listed below are some of the error messages.

Worker Down

This error message is displayed when the workers used for searching the queries are Down/Fatal or either unavailable at that moment.

image.png

  • The system is built to autocover from this failure.
  • If the error persists after some time, navigate to Manage Components, and check services of Core.
  • Restart Compute Leader service.
  • Now execute the query and check again
    • If all the above checks are completed and still you cannot execute queries, contact DNIF support or forum.dnif.it

Server Down

This error message is displayed when the server used for execution of queries is down or either unavailable for that moment.
The system is built to autocover from this failure. If the error persists after some time, please reach out to the DNIF Community Forum via https://forum.dnif.it

image.png

Internal Error

This error message is displayed when the query execution leads to failure, due to some reasons other than mentioned in the error messages list.

image.png

If INTERNAL ERROR message is displayed, follow the steps below:

  • Navigate to Notable Events and verify if following errors are displayed for the specific duration.
  • Query Server Down
  • If issue persists evven after following the steps mentioned in Query Server Down, perform the steps below.
  • Check the status of Compute leader service on Core and Compute service on the datanodes.
  • If any of the above mentioned service is in stopped state, restart that service.
  • If you are unable to restart the service or if all the above checks are completed and still you cannot execute queries, contact DNIF support or forum.dnif.it

No Data

This error message is displayed when Data is not available for the specific duration for which query has been executed.

image.png

To confirm if the Data is not available

  • Navigate to Manage Components, Adapter and hover on **EPS Timeline chart **.
  • If EPS value is 0 for the specific duration, this indicates that the data was not ingested into the system.
  • Check log source configurations, for more details refer: Getting data into DNIF or Troubleshooting connectors.
  • If EPS value is > 0 this indicates that data is received on the Adapter.
  • Now reset the time interval as per data ingestion and execute search for the new time interval.
  • Check Streams value set for search is available under Streams page.
  • Check the current streams populated using DQL queries.
_fetch * from event where $Duration=1h group count_unique $Stream limit 0
  • If all the above checks are completed and still you cannot execute queries, contact DNIF support or forum.dnif.it

Was this article helpful?