https://community.splunk.com/t5/Splunk-Search/Why-is-splunk-not-showing-logs-when-searched-with-index/m-p/624895#M217229 <P>I can only say to review logs on both the sender side and splunkd.log. &nbsp;My only experience with HEC is from Puppet's Splunk HEC app, and the only thing I had to figure out was how to force HEC to offer outdated SSL algorithm. (Not the app's fault, just to be clear.) &nbsp;It is hard to read error messages that don't tell you how to solve. &nbsp;But no error message would make it much harder - and absence of error remains a possibility. &nbsp;That's why I suggested Admin forum.</P> Tue, 20 Dec 2022 20:34:06 GMT yuanliu 2022-12-20T20:34:06Z https://community.splunk.com/t5/Splunk-Search/Why-is-splunk-not-showing-logs-when-searched-with-index/m-p/624779#M217193 <P>Hi All,</P> <P>&nbsp;</P> <P>I have integrated Splunk HEC with springboot .when i hit application and checked in splunk am unable to see logs in splunk search with given index .am using source type as log4j2&nbsp;</P> <P>Can any one help me .</P> <P>&nbsp;</P> <P>Thanks in advance</P> Tue, 20 Dec 2022 06:59:44 GMT https://community.splunk.com/t5/Splunk-Search/Why-is-splunk-not-showing-logs-when-searched-with-index/m-p/624779#M217193 sindhuja 2022-12-20T06:59:44Z https://community.splunk.com/t5/Splunk-Search/Why-is-splunk-not-showing-logs-when-searched-with-index/m-p/624783#M217194 <P>Looks like an ingestion problem, not a search problem. &nbsp;You'll get better information by moving this to&nbsp;<A href="https://community.splunk.com/t5/Getting-Data-In/bd-p/getting-data-in" target="_blank">Getting Data In</A>. &nbsp;Do you have any log indicating that HEC ingestion happened?</P> Tue, 20 Dec 2022 03:40:05 GMT https://community.splunk.com/t5/Splunk-Search/Why-is-splunk-not-showing-logs-when-searched-with-index/m-p/624783#M217194 yuanliu 2022-12-20T03:40:05Z https://community.splunk.com/t5/Splunk-Search/Why-is-splunk-not-showing-logs-when-searched-with-index/m-p/624803#M217200 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/252319">@sindhuja</a>,</P><P>as&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/33901">@yuanliu</a>&nbsp;said, it seems to be an ingestion problem, but to me more sure, you could use a larger search:</P><LI-CODE lang="markup">index=* sourcetype=log4j</LI-CODE><P>and see results.</P><P>Then you could analyze the input phase to identify where's the problem.</P><P>Ciao.</P><P>Giuseppe</P> Tue, 20 Dec 2022 08:02:57 GMT https://community.splunk.com/t5/Splunk-Search/Why-is-splunk-not-showing-logs-when-searched-with-index/m-p/624803#M217200 gcusello 2022-12-20T08:02:57Z https://community.splunk.com/t5/Splunk-Search/Why-is-splunk-not-showing-logs-when-searched-with-index/m-p/624893#M217228 <P>hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/33901">@yuanliu</a></P><P>&nbsp;</P><P>How can i check HEC ingestion happened from my application side?</P><P>&nbsp;</P> Tue, 20 Dec 2022 19:52:50 GMT https://community.splunk.com/t5/Splunk-Search/Why-is-splunk-not-showing-logs-when-searched-with-index/m-p/624893#M217228 sindhuja 2022-12-20T19:52:50Z https://community.splunk.com/t5/Splunk-Search/Why-is-splunk-not-showing-logs-when-searched-with-index/m-p/624895#M217229 <P>I can only say to review logs on both the sender side and splunkd.log. &nbsp;My only experience with HEC is from Puppet's Splunk HEC app, and the only thing I had to figure out was how to force HEC to offer outdated SSL algorithm. (Not the app's fault, just to be clear.) &nbsp;It is hard to read error messages that don't tell you how to solve. &nbsp;But no error message would make it much harder - and absence of error remains a possibility. &nbsp;That's why I suggested Admin forum.</P> Tue, 20 Dec 2022 20:34:06 GMT https://community.splunk.com/t5/Splunk-Search/Why-is-splunk-not-showing-logs-when-searched-with-index/m-p/624895#M217229 yuanliu 2022-12-20T20:34:06Z