Getting Data In

Logs sending being cutoff

STU3
Engager

Hello,

I have had an issue where specifically the firewall logs were cutoff for about 5 hours and then reconnected and started logging again in Splunk.

The syslog server responsible is actually running and sending data, but how can I troubleshoot why the logs were not sent during that specific time period ?

I am new to troubleshooting indexers etc. any help is appreciaited.

Regards,

0 Karma

STU3
Engager

PS by "syslog server responsible" I meant the firewall management software responsible was logging all the events at the time of cutoff, might have used a wrong term there

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...