Splunk Search

I see events in the data summary for a host. However, when I search, I don't see any data. How do I see it?

rajindurbal
Path Finder

I see the host IP 1.2.3.4 with 1000 events in the last 30 minutes. However, when I run the search, the search does not return any events. Why is this? Thank you for any assistance you may provide.

0 Karma

vr2312
Contributor

Hello @rajindurbal

Please ensure your account/role has the privileges to search for the index/host.

0 Karma

rajindurbal
Path Finder

Hello @vr2312,

I am in an admin role. This data is coming in via syslog and through a networking index, and I am not sure where that is configured because I don't see it under the indexes.

0 Karma

skoelpin
SplunkTrust

You should post your query.

0 Karma

vr2312
Contributor

@rajindurbal You can probably duplicate the inputs.conf and forward it to another index to check if data is being received. I assume you cannot see the mentioned index in the indexes.conf under the IDXs?

0 Karma

richgalloway
SplunkTrust

What is your search?

---
If this reply helps you, Karma would be appreciated.
0 Karma