Splunk Search

Why is the latest event indexed 4 days ago when server logs show current data?

taylorl
Explorer

Hi,

I have an issue currently where the last event was 4 days ago. I have checked the server logs manually and I can see we have a lot that Splunk cannot see. I think the service accounts were changed to a new one and then back to their accounts, which leads me to believe this is the cause of the issue I am facing now.

Can anyone point me in the right direction on where to look to start troubleshooting? Restarting the services has been done and I can confirm they have been put back to the original starting ones.

Cheers!

1 Solution

taylorl
Explorer

Actually I have just figured it out. Turns out the Universal Forwarder service had been stopped. Restarted that and it's now working.

I should have also mentioned in my original post I had a Universal Forwarder.

0 Karma
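
A search that surfaces this kind of silent log gap and separates the two causes raised in the thread (forwarder service stopped versus a service account that can no longer read the logs), as an added example that is not part of the original posts. The 24-hour and 1-hour thresholds and the 30-day lookback are assumed values, and the search assumes the event `host` value matches the forwarder's `hostname` in the indexer's `metrics.log` and that you can read `index=_internal`.

```spl
| tstats latest(_time) AS last_event WHERE index=* BY host
``` hosts whose newest indexed event is older than 24 hours (assumed threshold) ```
| eval hours_silent = round((now() - last_event) / 3600, 1)
| where hours_silent > 24
``` last time each forwarder opened a connection to an indexer ```
| join type=left host
    [ search index=_internal source=*metrics.log* group=tcpin_connections earliest=-30d
      | stats latest(_time) AS last_fwd_connect BY hostname
      | rename hostname AS host ]
| eval diagnosis = case(
    isnull(last_fwd_connect),
      "no forwarder connection in lookback: check the forwarder is installed and running",
    now() - last_fwd_connect > 3600,
      "forwarder stopped connecting: check the forwarder service and network path",
    true(),
      "forwarder connected but sending no events: check inputs and the service account's read access")
| eval last_event = strftime(last_event, "%F %T"),
       last_fwd_connect = strftime(last_fwd_connect, "%F %T")
| table host hours_silent last_event last_fwd_connect diagnosis
| sort - hours_silent
```

Saved as a scheduled alert, this reports a stopped forwarder within a day instead of after someone notices missing events.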
