Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Indexing issue- Why is data going on and off?

ssuluguri
Path Finder
‎07-11-2023 12:02 PM

Hi Team,

 

We are ingesting data from syslot to splunk using Cyberark App . Data is going ON and OFF even though data available on /var/log/Cyberark .

ssuluguri_0-1689102150618.png

 

Can you suggest what can be the issue .

Labels (1)
Labels
0 Karma
Reply

mansisona
New Member
‎03-19-2024 09:53 PM

I am facing the same issue while using a scripted input. Did you find any ways to identify the root cause and fix it ? We are receiving data from a scripted input. we also tried putting that data in a csv file which has all the data. but still we are observing issues with data missing 

0 Karma
Reply

meetmshah
SplunkTrust
SplunkTrust
‎07-12-2023 12:04 PM

Hello @ssuluguri, Can you please confirm below - 

  1. How the _time is being extracted? If it's based on events - can you validate if the timestamp extraction is performed correctly?
  2. Can you check queues on the indexers?
  3. Can you run the search on real-time in Splunk along with running tcpdump on the host and validate if both are matching?
0 Karma
Reply

ssuluguri
Path Finder
‎07-12-2023 12:16 PM

You can also refer below screenshot.

ssuluguri_0-1689189394557.png

 

0 Karma
Reply

ssuluguri
Path Finder
‎07-12-2023 12:09 PM

Thanks for the reply Meet.

1.Data is indexing on cloud 

2.Data automatically populating for sometimes and going OFF.

Backend raw data .

ssuluguri_0-1689188937411.png

 

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization uses ...