A warning icon next to a dashboard widget or in the Explore Logs page indicates that query results might be incomplete.
One cause is a timeout during dynamic field extraction as the query is run. A timeout can occur when VMware Aria Operations for Logs becomes overloaded processing many log events, many queries, or complex content. Timeouts can result in a small portion of collected logs being ignored. A warning icon and detailed warning message inform you about these timeouts.
Note: Results for queries affected by timeouts are not fixed and can vary, depending on the
VMware Aria Operations for Logs load at the moment and the quantity of logs that are being processed for the query.
To resolve the problem, try the following actions.
- Ensure VMware Aria Operations for Logs sizing is correct for the ingestion load. For more information about sizing, see
- Navigate to Management > System Monitor tab to check the ingestion load.
Note: To troubleshoot query results, you must be an administrator or a user with edit access for the permission.
- Go to the Active Queries tab of the System Monitor page to check the number of active queries and how long it took to run them.
- Make sure that VMware Aria Operations for Logs is sized correctly for the current ingestion rate.
- Navigate to Management > System Monitor tab to check the ingestion load.
- Revise your query. In some cases, queries that have long processing times and the potential to time out contain a group-by clause, cover a significant number of logs, or return a relatively large number of results.
Instead of a query whose result is a single value, substitute a query that produces time series results. This type of query is not affected by log volume during query processing.