Installation

Installed Splunk but no Data!

canton
New Member

I have installed Splunk on server and can login to splunk and browse but no data is showing in search section waht so ever.

I have also configured via Manager » Data inputs » Files & Directories.

But still no luck what could be wrong?

Thanks in advance

Tags (1)
0 Karma
1 Solution

Genti
Splunk Employee
Splunk Employee

So, when you go to Manager » Data inputs » Files & Directories do you see the file/directory you added as listed? And does it show a number of files next to it?

Is this directory perhaps owned by a different user and the splunk service does not have appropriate permissions to monitor/read the files within?

Are you searching using the "all time" time-range? Perhaps this is historic data and not showing up in the timeframe you are searching?

Lastly, if you search for "index=_internal", do you see any data show up?

View solution in original post

Genti
Splunk Employee
Splunk Employee

So, when you go to Manager » Data inputs » Files & Directories do you see the file/directory you added as listed? And does it show a number of files next to it?

Is this directory perhaps owned by a different user and the splunk service does not have appropriate permissions to monitor/read the files within?

Are you searching using the "all time" time-range? Perhaps this is historic data and not showing up in the timeframe you are searching?

Lastly, if you search for "index=_internal", do you see any data show up?

Genti
Splunk Employee
Splunk Employee

well, no, you have to be careful here. This means that you are receiving internal data. What about your OTHER data. Are you receiving the logs from the files that you already included in your data inputs?

0 Karma

canton
New Member

mmm after doing what you advised "index=_internal" all seemed to work or it may have been a coincidence.

regardless thank you for your help

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...