Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Data upload from splunk ui is successful, but data is not appearing in search

jagdish0886
Explorer
‎04-18-2020 06:44 PM

Hi,
I have uploaded the data to splunk, but while searching the data doesnt appear, I have shared the screenshots as well. Can you please help here.
Index used - default
log file type - .log
search criteria - all time
Splunk version of docker - store/splunk/splunk:7.3

alt text

Preview file
1 KB
Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jagdish0886
Explorer
‎04-18-2020 09:02 PM

I have got a solution:

default volume size is 5 GB in splunk for each of the container, either you need to increase the volume size (for path /var/lib/docker/volumes path on host machine of the docker containers ) or reduce the parameter value to lower the size in server.conf of each of the container:

refer below thread for more details:
https://docs.splunk.com/Documentation/Splunk/7.3.0/Indexer/Setlimitsondiskusage#Set_minimum_free_dis...

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

jagdish0886
Explorer
‎04-18-2020 09:02 PM

I have got a solution:

default volume size is 5 GB in splunk for each of the container, either you need to increase the volume size (for path /var/lib/docker/volumes path on host machine of the docker containers ) or reduce the parameter value to lower the size in server.conf of each of the container:

refer below thread for more details:
https://docs.splunk.com/Documentation/Splunk/7.3.0/Indexer/Setlimitsondiskusage#Set_minimum_free_dis...

0 Karma
Reply
Solved! Jump to solution

jagdish0886
Explorer
‎04-18-2020 07:18 PM

adding few more details:
When I upload the data from Splunk UI, it notifies that data is successfully uploaded, however
indexed data doesn't reflect in Splunk indexed data path opt/splunk/var/lib/splunk/spice-index/db and hence not searchable from splunk UI. Please help how to make the data searchable:

Index used: default and custom (both same issue)
search criteria: all time
splunk docker container: version store/splunk/splunk:7.3  developer licence
file size : 500 KB file type .log
browser: tried with chrome and IE
0 Karma
Reply
Get Updates on the Splunk Community!

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...

Splunk Edge Processor | Popular Use Cases to Get Started with Edge Processor

Splunk Edge Processor offers more efficient, flexible data transformation – helping you reduce noise, control ...