Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Not indexing

kcav
New Member
‎08-27-2013 07:52 AM

We have just set up Distributed search with 2 indexers and one search node. Our data source is a folder with log files. The splunkd.log show many lines with the following
WatchFile - using folow tail will begin reading EOF for F:\splunk\index01....
But we get No results when searching. Are we being impatient?

Tags (2)
0 Karma
Reply

kcav
New Member
‎08-27-2013 07:58 AM

Thanks for your help

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎08-27-2013 07:56 AM

it can be :

  • the forwarder has a default thruput limit of 256KBps, and is queuing a large file
  • the events have a misconfigured sourcetype, causing the timestamp/timezone to be misinterpreted, and the events to be in the future (or centuries in the past). Verify with a real-time "alltime" search to see the events that are currently received.

you also can check in your license logs to see is the file has been indexed (index=_internal source=license_usage.log "myfile" )

Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...