Getting Data In

Logs don't show up in "real time"

fisk12
Path Finder

I receive some hosts from firewalls/wireless controllers and they show up when you search for *. Recently I have some events from an Apache web server. I used this guide: http://danielmiessler.com/blog/howto-use-splunk-as-your-remote-syslog-server

And I have set up syslog-ng to filter the events and put them in a folder upon arrival like this: http://answers.splunk.com/questions/8912/syslog-ng-filter-by-ip The events appear as expected in the folder and you see them if you search for, for example,
source="/opt/splunk/var/log/syslog-ng/192.168.1.5/messages" but I would like them to appear when you search for *. Any ideas what to look for?

0 Karma

woodcock
Esteemed Legend

Your timestamps are probably incorrect, possibly due to TZ issues. Run this search and make sure that avg(lagSeconds) is small and >0:

index=* | eval lagSeconds=_indextime - _time | stats avg(lagSeconds) by sourcetype,host,index
0 Karma
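The lag check above, reproduced outside Splunk as an added example (this is not code from the thread or from Splunk). It models what the indexer does with the RFC 3164 lines syslog-ng writes: those lines carry no year and no timezone, so the zone the indexer assumes decides the epoch value of _time. If that assumption is wrong, _time shifts by the whole offset, the lag against _indextime goes negative (the event sits "in the future") or grows to hours, and the event falls outside the default search window even though it is on disk. The sample lines, the index time and the UTC-5 "misconfigured" zone are all constructed for the example.

```python
"""Added example: mirror `eval lagSeconds=_indextime-_time | stats avg(...) by source`
on constructed syslog lines to show how a timezone mismatch breaks the lag.
Not code from the original thread; all inputs below are constructed.
"""
import re
from datetime import datetime, timedelta, timezone
from statistics import mean

# Constructed sample: RFC 3164 lines as syslog-ng drops them into per-host
# 'messages' files. No year, no timezone indicator, one malformed line.
SAMPLE_LINES = [
    ("192.168.1.5", "Jan  5 10:00:00 web01 apache2: GET /index.html 200"),
    ("192.168.1.5", "Jan  5 10:00:05 web01 apache2: GET /login 302"),
    ("192.168.1.9", "Jan  5 10:00:01 fw01 kernel: DROP IN=eth0 SRC=10.0.0.7"),
    ("192.168.1.9", "garbage line with no timestamp at all"),
]

# Constructed: the moment the indexer wrote the lines (what _indextime records).
INDEX_TIME = datetime(2024, 1, 5, 10, 0, 10, tzinfo=timezone.utc)

# The senders actually write UTC; UTC-5 stands in for a wrong TZ assumption
# (e.g. the indexer's local zone, or a missing TZ= in props.conf).
SENDER_TZ = timezone.utc
MISCONFIGURED_TZ = timezone(timedelta(hours=-5))

SYSLOG_TS = re.compile(r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<hms>\d\d:\d\d:\d\d) ")


def parse_event_time(line, assumed_tz, year):
    """Hypothetical stand-in for timestamp extraction: return _time for a line.

    The line has no zone, so `assumed_tz` (the indexer's assumption) and
    `year` (RFC 3164 has none; Splunk borrows the current year) fix the value.
    Returns None for lines with no recognisable timestamp.
    """
    m = SYSLOG_TS.match(line)
    if not m:
        return None
    naive = datetime.strptime(
        f"{year} {m['mon']} {int(m['day']):02d} {m['hms']}", "%Y %b %d %H:%M:%S"
    )
    return naive.replace(tzinfo=assumed_tz)


def lag_by_source(lines, assumed_tz, index_time=INDEX_TIME):
    """Average (_indextime - _time) per source, like the SPL stats clause."""
    lags = {}
    for src, line in lines:
        t = parse_event_time(line, assumed_tz, index_time.year)
        if t is None:
            continue  # Splunk would fall back to other heuristics; skip here
        lags.setdefault(src, []).append((index_time - t).total_seconds())
    return {src: mean(v) for src, v in lags.items()}


def diagnose(avg_lags, max_ok_seconds=300):
    """True per source when lag is small and positive, i.e. timestamps are sane.

    Negative lag means _time is ahead of _indextime (wrong zone, clock skew);
    a lag of hours usually means the same offset in the other direction.
    """
    return {src: (0 < lag <= max_ok_seconds) for src, lag in avg_lags.items()}


if __name__ == "__main__":
    for label, tz in (("correct TZ", SENDER_TZ), ("wrong TZ", MISCONFIGURED_TZ)):
        lags = lag_by_source(SAMPLE_LINES, tz)
        print(label, lags, diagnose(lags))
```

Run the SPL from the answer over "All time", not the default window: events whose _time has been pushed into the future or hours into the past are exactly the ones a recent-window search hides. If a source shows a lag of roughly a whole number of hours, set the sender's zone for that source in props.conf (the `TZ` attribute in a `[source::...]` or `[host::...]` stanza) so extraction matches the clock that produced the lines.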

bwooden
Splunk Employee

Are your timestamps correct? A real time search won't display events if timestamps are incorrect.

0 Karma