Deployment Architecture

UF not reading all the logs in a log file

rahulhari88 (Explorer)

Observed a peculiar case where the UF on a syslog server is not reading the complete log file. If, for example, there is a PAN log for 4 Nov with logs available for every hour in that file, the UF seems to read only the first 4 hours and then stops ingesting to the cloud. The next day, when the new log file (i.e. the 5 Nov file) is created, it again starts reading that file for a couple of hours and then stops.

Points to note:

There is only one log file (2022-11-05.log), which keeps updating as logs are pushed to the syslog server from the network host.
The size of the log for one day is around 500 GB plus.
No CRC setting is used in the input configuration.

Can you let me know what is causing the UF to stop reading the complete log file?
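One check a practitioner would run before looking at CRC or file-tracking settings is whether the forwarder is even allowed to send 500 GB a day. The Universal Forwarder ships with a thruput cap in limits.conf ([thruput] maxKBps = 256); when the daily volume exceeds what that cap can move in 24 hours, the forwarder falls further behind as the day goes on, and from the indexer side the file looks as if ingestion stopped after its first few hours. The script below is an added example for this thread, not the poster's configuration or Splunk's code: the limits.conf text is constructed, the 500 GB figure is taken from the post, and KB is treated as 1024 bytes for the arithmetic. It reports the required rate against the configured cap; it does not prove that the cap is the cause here.

```python
"""Thruput sanity check for a Universal Forwarder tailing one very large daily file.

Added illustration for the forum question above. It assumes the UF default
[thruput] maxKBps = 256 in limits.conf; the two limits.conf snippets below are
constructed for the example and were not taken from the poster's host.
"""
import configparser
from dataclasses import dataclass

SECONDS_PER_DAY = 86_400
GB_IN_KB = 1024 * 1024  # assumption: 1 GB = 1024 * 1024 KB, matching maxKBps units

# Constructed limits.conf with the UF default cap left in place.
LIMITS_CONF_DEFAULT = """\
[thruput]
maxKBps = 256
"""

# Constructed limits.conf with the cap lifted (0 means unlimited in limits.conf).
LIMITS_CONF_UNLIMITED = """\
[thruput]
maxKBps = 0
"""


def parse_max_kbps(limits_conf_text: str, default: int = 256) -> int:
    """Return maxKBps from the [thruput] stanza, or the UF default if absent.

    configparser lower-cases option names, so 'maxKBps' is matched case-insensitively.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(limits_conf_text)
    return cp.getint("thruput", "maxKBps", fallback=default)


@dataclass
class ThruputAssessment:
    max_kbps: int               # configured cap, 0 = unlimited
    required_kbps: float        # sustained rate needed for the stated daily volume
    capacity_gb_per_day: float  # what the cap can move in 24 hours
    hours_covered_per_day: float  # share of a uniformly written 24h file that fits


def assess(daily_gb: float, max_kbps: int) -> ThruputAssessment:
    """Compare the daily log volume with what the thruput cap can forward per day."""
    daily_kb = daily_gb * GB_IN_KB
    required_kbps = daily_kb / SECONDS_PER_DAY
    if max_kbps == 0:
        return ThruputAssessment(0, required_kbps, float("inf"), 24.0)
    capacity_kb = max_kbps * SECONDS_PER_DAY
    hours = min(24.0, 24.0 * capacity_kb / daily_kb)
    return ThruputAssessment(max_kbps, required_kbps, capacity_kb / GB_IN_KB, hours)


def keeps_up(a: ThruputAssessment) -> bool:
    """True if the forwarder can drain the file as fast as it is written."""
    return a.max_kbps == 0 or a.max_kbps >= a.required_kbps


if __name__ == "__main__":
    for label, conf in (("default", LIMITS_CONF_DEFAULT), ("unlimited", LIMITS_CONF_UNLIMITED)):
        cap = parse_max_kbps(conf)
        a = assess(500, cap)  # 500 GB/day, the figure stated in the post
        print(f"{label}: maxKBps={cap} required={a.required_kbps:.0f} KBps "
              f"capacity={a.capacity_gb_per_day:.1f} GB/day "
              f"covers={a.hours_covered_per_day:.2f} h of the file keeps_up={keeps_up(a)}")
```

With the default cap the required rate works out to roughly 6 MB/s against a 256 KB/s allowance, so the forwarder can move only about 21 GB of a 500 GB day. Whether that is what is happening on the poster's host still has to be confirmed on the forwarder itself, by reading the effective [thruput] stanza (`splunk btool limits list thruput`) and checking where the tailer believes it is in the file (`splunk list inputstatus`); the script only quantifies the gap.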
