Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Configured inputs to monitor a file path but no events visible in Splunk

blbr123
Path Finder
‎05-02-2022 05:13 AM

Hi All,

I have configured inputs to monitor a file path but no events visible in Splunk.

 

Checked internal index and found the below error

 

 

 

Preview file
1945 KB
0 Karma
Reply

Roy_9
Motivator
‎05-02-2022 03:50 PM

@blbr123 Sharing the inputs.conf file will help us look at this issue in a deeper level.

Did you create a separate index for this activity?

Have you checked whether the firewall connection is in place between the source(host) and destination(Splunk)

0 Karma
Reply

renjith_nair
Legend
‎05-02-2022 05:20 AM

The error mentioned shouldnt be the reason for missing the data. There could be multiple reasons and close look into the splunkd log should give you some hints.

Please refer to this documentation for generic reasons

https://docs.splunk.com/Documentation/Splunk/8.2.6/Troubleshooting/Cantfinddata

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-02-2022 05:20 AM

What exactly are you trying to monitor?  Are you sure it has data?  Please share the inputs.conf settings.

Also, how are you trying to find the data?  It may be there, but your search might be incorrect.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...