Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Data not ingested for only a few days

ishugupta
Path Finder
‎09-12-2014 11:09 AM

I am facing a weird issue ,A particular file has only been ingested for 4 days day even though we we have been receiving it for last 10 days .
I looked the configuration , inputs.conf and props.conf , they are unchanged and the data got ingested yesterday as well .
I have gone through the logs on the forwarder as well .
Can you please tell me where I can look for error on indexers , or can there be any potential issue that someone can point out?

Tags (1)
0 Karma
Reply

sowings
Splunk Employee
Splunk Employee
‎09-12-2014 02:03 PM

If the new file that gets placed there is "too similar" to the prior version, Splunk will refuse to index it on the belief that it already has. By "too similar" I mean "if the first <default> 256 bytes are the same". This size can be updated (see initCrcLength in inputs.conf).

Reply

ishugupta
Path Finder
‎09-12-2014 01:35 PM

we keep on placing new file each day.
I researched more , I checked the log on the indexer license_usage.log , I can see the entry there...still I cant pull up the file on the console..

0 Karma
Reply

sowings
Splunk Employee
Splunk Employee
‎09-12-2014 01:26 PM

More information please:

Is ths new contents on the same filename (i.e. a complete replacement)?

Or is it continued additions to a single file? (i.e. same file growing larger day by day)

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

IT Service Intelligence 5.0 Series: Your Guide to the June Launch

We are excited to announce the June release of Splunk IT Service Intelligence (ITSI) 5.0. This update ...

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...