Archive2
Highlighted

Unable to see logs on Splunk Cloud from some servers

New Member

There are 300 servers sending logs to the Heavy forwarder. The same common application is successfully deployed in all 300 servers and able to see all servers in forwarder-managment tab and app is also successfully deployed on all servers. But not able see logs from 200 on splunk cloud, also I can see logs are successfully coming to heavy forwarder as shown below in tcpdump output captured from HWF but unable to find logs of same server on Splunk Cloud.

22:50:10.781905 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 151196:151286, ack 1, win 55, length 90
22:50:21.891218 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 151286:153102, ack 1, win 55, length 1816
22:50:21.891845 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 153102:154925, ack 1, win 55, length 1823
22:50:21.897956 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 154925:155555, ack 1, win 55, length 630
22:50:21.899071 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 155555:155906, ack 1, win 55, length 351
22:50:21.900269 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 155906:156281, ack 1, win 55, length 375
22:50:21.901434 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 156281:156735, ack 1, win 55, length 454
22:50:21.934712 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 156735:165117, ack 1, win 55, length 8382

0 Karma
Reply