Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Logs are stopped genarating from 2nd april

anil1432
Explorer
‎05-26-2021 05:45 AM

My logs showing before April 2nd only when I check for previous 7 days it's not showing what may be the issue please share solution to us . But there is no error is showing . In actuall  the log is batchdog.log under this log there are similar logs are rolled like batchdog.lig.mmddyy.*log 

Any help please . There is no issues in splunkd.log also

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎05-26-2021 06:34 AM
Hi
Are you sure that your date is parsed correctly in ingest phase? 2/4/2021 vs 4/2/2021?
r. Ismo
Reply

anil1432
Explorer
‎05-26-2021 07:41 PM

Yes I checked all my data is parsing well.

My logs are stopped genarating from 3rd April and  when I check for 2nd April it's showing logs . And there is no issues available in  splunkd.log . And all my configuration are running fine . But only not genarating specific path  file only to a particular user . Plz hep me out 
 
0 Karma
Reply

anil1432
Explorer
‎05-26-2021 07:42 PM

My splunk enterprise version is 7.3.2

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎05-26-2021 11:33 PM

On UF side what it shows when you are writing as splunk/root (user which runs splunkd at UF):

splunk list inputstatus

You should find entry for that file like:

	/....../splunk/var/log/watchdog/watchdog.log
		file position = 5427
		file size = 5427
		parent = $SPLUNK_HOME/var/log/watchdog/watchdog.log*
		percent = 100.00
		type = finished reading

This show if those files are read to end or are there something unread.

Are you getting any logs from that UF or only some?

0 Karma
Reply

anil1432
Explorer
‎05-27-2021 12:38 AM

Screenshot_20210527_100943.jpg

Screenshot_20210527_094844.jpg

 these are the errors I find outed sir

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎05-27-2021 08:07 AM

Can you post your inputs.conf and splunk list inputstatus?

0 Karma
Reply

anil1432
Explorer
‎05-27-2021 08:43 AM

I checked they are fine 

0 Karma
Reply

anil1432
Explorer
‎05-27-2021 09:34 AM

Let me try this? It will work or not?

/opt/splunk/var/log/watchdog/watchdog.log

                file position = 2518300

                file size = 2518300

                parent = $SPLUNK_HOME/var/log/watchdog/watchdog.log*

                percent = 100.00

                type = open file

 

/opt/splunk/var/log/watchdog/watchdog.log.1

                file position = 25000101

                file size = 25000101

                parent = $SPLUNK_HOME/var/log/watchdog/watchdog.log*

                percent = 100.00

                type = finished reading

0 Karma
Reply

anil1432
Explorer
‎05-27-2021 08:53 AM

It's for only one user  it's happening . When I check for 2nd April these are logs genarating. In inputs they give correct path only and monitor the path is good

Screenshot_20210527_212000.jpg

 thanks in advance,😊

 

 

 

 

 

 

 

 

0 Karma
Reply
Get Updates on the Splunk Community!

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Attention everyone! We have exciting news to share! We are recruiting new members for the Mission Possible: ...

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...

Data Preparation Made Easy: SPL2 for Edge Processor

By now, you may have heard the exciting news that Edge Processor, the easy-to-use Splunk data preparation tool ...