My logs showing before April 2nd only when I check for previous 7 days it's not showing what may be the issue please share solution to us . But there is no error is showing . In actuall the log is batchdog.log under this log there are similar logs are rolled like batchdog.lig.mmddyy.*log
Any help please . There is no issues in splunkd.log also
Yes I checked all my data is parsing well.
My splunk enterprise version is 7.3.2
On UF side what it shows when you are writing as splunk/root (user which runs splunkd at UF):
splunk list inputstatus
You should find entry for that file like:
/....../splunk/var/log/watchdog/watchdog.log
file position = 5427
file size = 5427
parent = $SPLUNK_HOME/var/log/watchdog/watchdog.log*
percent = 100.00
type = finished reading
This show if those files are read to end or are there something unread.
Are you getting any logs from that UF or only some?
these are the errors I find outed sir
Can you post your inputs.conf and splunk list inputstatus?
I checked they are fine
Let me try this? It will work or not?
/opt/splunk/var/log/watchdog/watchdog.log
file position = 2518300
file size = 2518300
parent = $SPLUNK_HOME/var/log/watchdog/watchdog.log*
percent = 100.00
type = open file
/opt/splunk/var/log/watchdog/watchdog.log.1
file position = 25000101
file size = 25000101
parent = $SPLUNK_HOME/var/log/watchdog/watchdog.log*
percent = 100.00
type = finished reading
It's for only one user it's happening . When I check for 2nd April these are logs genarating. In inputs they give correct path only and monitor the path is good
thanks in advance,😊