https://community.splunk.com/t5/Getting-Data-In/why-some-logs-are-missing-from-splunk/m-p/373566#M92853 <P>Hi Martin,<BR /> surely you need SSH access to splunk servers, aniway they'll contact you.<BR /> Bye.<BR /> Giuseppe</P> Wed, 28 Jun 2017 15:34:43 GMT gcusello 2017-06-28T15:34:43Z https://community.splunk.com/t5/Getting-Data-In/why-some-logs-are-missing-from-splunk/m-p/373560#M92847 <P>zcat syslog.*.gz | grep clamav</P> <P>i compare a successful one with the one who missing log in splunk, <BR /> both have clamav summary log in syslog</P> <P><A href="https://drive.google.com/file/d/0Bxs_ao6uuBDUc3hoOHVoVW5pM2c/view?usp=sharing">https://drive.google.com/file/d/0Bxs_ao6uuBDUc3hoOHVoVW5pM2c/view?usp=sharing</A><BR /> <A href="https://drive.google.com/file/d/0Bxs_ao6uuBDUZ2tYdzhydHNpVms/view?usp=sharing">https://drive.google.com/file/d/0Bxs_ao6uuBDUZ2tYdzhydHNpVms/view?usp=sharing</A></P> Wed, 28 Jun 2017 15:13:07 GMT https://community.splunk.com/t5/Getting-Data-In/why-some-logs-are-missing-from-splunk/m-p/373560#M92847 cyberportnoc 2017-06-28T15:13:07Z https://community.splunk.com/t5/Getting-Data-In/why-some-logs-are-missing-from-splunk/m-p/373561#M92848 <P>Hi cyberportnoc,<BR /> check using a larger time period, often the problem is in differences in timestamp.<BR /> Bye.<BR /> Giuseppe</P> Wed, 28 Jun 2017 15:18:26 GMT https://community.splunk.com/t5/Getting-Data-In/why-some-logs-are-missing-from-splunk/m-p/373561#M92848 gcusello 2017-06-28T15:18:26Z https://community.splunk.com/t5/Getting-Data-In/why-some-logs-are-missing-from-splunk/m-p/373562#M92849 <P>i had used 7 days, still no log<BR /> these log generated every day</P> Wed, 28 Jun 2017 15:20:52 GMT https://community.splunk.com/t5/Getting-Data-In/why-some-logs-are-missing-from-splunk/m-p/373562#M92849 cyberportnoc 2017-06-28T15:20:52Z https://community.splunk.com/t5/Getting-Data-In/why-some-logs-are-missing-from-splunk/m-p/373563#M92850 <P><A href="https://drive.google.com/file/d/0Bxs_ao6uuBDUVVBJcTczdlcwNUk/view?usp=sharing">https://drive.google.com/file/d/0Bxs_ao6uuBDUVVBJcTczdlcwNUk/view?usp=sharing</A><BR /> use 30 days, still no log</P> Wed, 28 Jun 2017 15:23:38 GMT https://community.splunk.com/t5/Getting-Data-In/why-some-logs-are-missing-from-splunk/m-p/373563#M92850 cyberportnoc 2017-06-28T15:23:38Z https://community.splunk.com/t5/Getting-Data-In/why-some-logs-are-missing-from-splunk/m-p/373564#M92851 <P>i am Martin and sent to <A href="mailto:support@splunk.com">support@splunk.com</A>, but i do not know ssh's password of splunk, <BR /> i can only have admin right to access web, so far at night shift. is there any one needed webex to investigate this issue?</P> Wed, 28 Jun 2017 15:28:18 GMT https://community.splunk.com/t5/Getting-Data-In/why-some-logs-are-missing-from-splunk/m-p/373564#M92851 cyberportnoc 2017-06-28T15:28:18Z https://community.splunk.com/t5/Getting-Data-In/why-some-logs-are-missing-from-splunk/m-p/373565#M92852 <P>Hi cyberportnoc,<BR /> Temporarly send your syslogs to a test index for a little period and search on this index, in this way you can be sure that you're receiving logs.<BR /> If there aren't there's a different problem to debug.<BR /> Bye.<BR /> Giuseppe</P> Wed, 28 Jun 2017 15:32:07 GMT https://community.splunk.com/t5/Getting-Data-In/why-some-logs-are-missing-from-splunk/m-p/373565#M92852 gcusello 2017-06-28T15:32:07Z https://community.splunk.com/t5/Getting-Data-In/why-some-logs-are-missing-from-splunk/m-p/373566#M92853 <P>Hi Martin,<BR /> surely you need SSH access to splunk servers, aniway they'll contact you.<BR /> Bye.<BR /> Giuseppe</P> Wed, 28 Jun 2017 15:34:43 GMT https://community.splunk.com/t5/Getting-Data-In/why-some-logs-are-missing-from-splunk/m-p/373566#M92853 gcusello 2017-06-28T15:34:43Z https://community.splunk.com/t5/Getting-Data-In/why-some-logs-are-missing-from-splunk/m-p/373567#M92854 <P>after troubleshooting , i found the reasons that no log in these hosts, </P> <P>some reasons that log file are locked by another process<BR /> ,and some are misconfiguration of rsyslog.conf </P> Wed, 28 Jun 2017 16:56:13 GMT https://community.splunk.com/t5/Getting-Data-In/why-some-logs-are-missing-from-splunk/m-p/373567#M92854 cyberportnoc 2017-06-28T16:56:13Z https://community.splunk.com/t5/Getting-Data-In/why-some-logs-are-missing-from-splunk/m-p/373568#M92855 <P>i found the reason in the recorded video case, <BR /> because the host use the same host name as another host, icnetwork01<BR /> so the file actually is icnetwork01 which exist in the list</P> Wed, 28 Jun 2017 17:00:10 GMT https://community.splunk.com/t5/Getting-Data-In/why-some-logs-are-missing-from-splunk/m-p/373568#M92855 cyberportnoc 2017-06-28T17:00:10Z