Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Indexing issue- Why is data going on and off?

ssuluguri
Path Finder
‎07-11-2023 12:02 PM

Hi Team,

 

We are ingesting data from syslot to splunk using Cyberark App . Data is going ON and OFF even though data available on /var/log/Cyberark .

ssuluguri_0-1689102150618.png

 

Can you suggest what can be the issue .

Labels (1)
Labels
0 Karma
Reply

mansisona
New Member
‎03-19-2024 09:53 PM

I am facing the same issue while using a scripted input. Did you find any ways to identify the root cause and fix it ? We are receiving data from a scripted input. we also tried putting that data in a csv file which has all the data. but still we are observing issues with data missing 

0 Karma
Reply

meetmshah
Contributor
‎07-12-2023 12:04 PM

Hello @ssuluguri, Can you please confirm below - 

  1. How the _time is being extracted? If it's based on events - can you validate if the timestamp extraction is performed correctly?
  2. Can you check queues on the indexers?
  3. Can you run the search on real-time in Splunk along with running tcpdump on the host and validate if both are matching?
0 Karma
Reply

ssuluguri
Path Finder
‎07-12-2023 12:16 PM

You can also refer below screenshot.

ssuluguri_0-1689189394557.png

 

0 Karma
Reply

ssuluguri
Path Finder
‎07-12-2023 12:09 PM

Thanks for the reply Meet.

1.Data is indexing on cloud 

2.Data automatically populating for sometimes and going OFF.

Backend raw data .

ssuluguri_0-1689188937411.png

 

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...