Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is the earliest event in an index not reflective of what is displayed on the Cluster Master?

ankithreddy777
Contributor
‎03-15-2017 08:33 AM

On the Distributed Management Console tab on Cluster Master (CM), I found that earliest event in one of my console is May 10 2015 .
But when I search data in that index (Clustered) it only returns the data from Dec 15 2015. Also also used metadata command for that index, which is also showing the first time = Dec 15 2015.

May I know why the console on CM is showing earliest event is at MAY 10, 2015?

0 Karma
Reply

muebel
SplunkTrust
SplunkTrust
‎03-15-2017 08:52 AM

Hi ankithreddy777, it might be possible that the management console is looking over all indexes to find the earliest event. You can be certain of the starting point in time for you indexes by running this command over all time:

| tstats min(_time) as earliest_time, max(_time) as latest_time by index | convert ctime(*time)

This will give you the earliest as well as most recent event time for each index the search head is able to access.

Please let me know if this helps!

0 Karma
Reply

muebel
SplunkTrust
SplunkTrust
‎03-15-2017 08:50 AM

whats the path to the dashboard that is show the May 10 2015 reading?

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...