Re: Indexing issue

ssuluguri · ‎07-11-2023

Hi Team,

We are ingesting data from syslot to splunk using Cyberark App . Data is going ON and OFF even though data available on /var/log/Cyberark .

Can you suggest what can be the issue .

mansisona · ‎03-19-2024

I am facing the same issue while using a scripted input. Did you find any ways to identify the root cause and fix it ? We are receiving data from a scripted input. we also tried putting that data in a csv file which has all the data. but still we are observing issues with data missing

meetmshah · ‎07-12-2023

Hello @ssuluguri, Can you please confirm below -

How the _time is being extracted? If it's based on events - can you validate if the timestamp extraction is performed correctly?
Can you check queues on the indexers?
Can you run the search on real-time in Splunk along with running tcpdump on the host and validate if both are matching?

ssuluguri · ‎07-12-2023

You can also refer below screenshot.

ssuluguri · ‎07-12-2023

Thanks for the reply Meet.

1.Data is indexing on cloud

2.Data automatically populating for sometimes and going OFF.

Backend raw data .

Indexing issue- Why is data going on and off?

indexer

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Analytics Workspace deprecation

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation