Are you a member of the Splunk Community?
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Splunk Fundamental Module 4 Lab
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk Fundamental Module 4 Lab
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same here...uploaded 3 files into Splunk w/o issue but they don't appear as having been so as nothing to search upon. Expanded data to "all time" as well.
Ed in Tampa
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, found an email address to Splunk Education team (elearn@splunk.com) ...and submitted my question; here is the response:
"Hello Ed,
You may proceed to the next module/lab. The information indicating the number of events to indexed does not appear on this page in this version of Splunk.
Mike Halladay
IOD Technical Support Engineer"
I have since been able to perform a search & find data from these 3 lab files. BTW, I'm running the Windows version on my desktop.
Hope this helps somebody, I could have used this guidance last week.
Ed in Tampa
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
try to expand your timerange and if you don't specify the index name splunk automatically puts your data on the index=main.
🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2
Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...
Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...
