Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I index data in real time?

chintan_shah
Path Finder
‎09-21-2017 11:11 AM

I have created an alert which checks if logs are not present in last 20 mins per source. I have around 32 source files from single forwarder. Many of my files are not getting indexed in real time and I am receiving this alert frequently.

Can anyone tell me any parameters which needs to be changed so that I can index the data in real time?
is there any mechanism to check what is the inflow rate of the data?

System Info:
I also see my CPU is around 80% idle and working Windows OS. I have 4 Core machine 32gb ram
Splunk Enterprise 6.4.3

0 Karma
Reply

DalJeanis
Legend
‎09-27-2017 12:31 PM

@chintan_shah - First, please determine whether the files are not being indexed in a timely manner, or not being forwarded in a timely manner.

Second, check through the debug steps at "I can't find my data"

0 Karma
Reply

harsmarvania57
Ultra Champion
‎09-27-2017 08:30 AM

Hi @chintan_shah,

Are you getting any error in Splunk Universal Forwarder's splunkd.log ?

Thanks,
Harshil

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

Welcome back to Splunk Classroom Chronicles, our ongoing series where we shine a light on what really happens ...

From GPU to Application: Monitoring Cisco AI Infrastructure with Splunk Observability ...

AI workloads are different. They demand specialized infrastructure—powerful GPUs, enterprise-grade networking, ...

Application management with Targeted Application Install for Victoria Experience

  Experience a new era of flexibility in managing your Splunk Cloud Platform apps! With Targeted Application ...