Are you sure that splunk has stopped to indexing or is it stopped to answer your queries? The 2nd option is more possible than 1st one!
So how you have made conclusion that it has stopped ingestion?

Hi @fedayn05 

Can you provide a little more info on how you are receiving this data into Splunk?

When you look at https://yoursplunkinstance/en-US/manager/bowl/data/indexes do you see the index that you are expecting to see logs for? When does it say the most recent event is from?

Can you check Splunk is listening on the relevant port (e.g. can you netcat to it or see it open in some other way?)

🌟 Did this answer help you? If so, please consider:

• Adding karma to show it was useful
• Marking it as the solution if it resolved your issue
• Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

It's very hard to tell with such limited info.

1. Check if all your components are up and running.

2. If you're saying that "logs arrive", since you're talking about network equipment, do you mean that you see just UDP frames or TCP streams? Remember that UDP can appear on the wire but still not get delivered to the process even if the process is listening. Any changes on the boxes network-wise? Someone fiddled with the local firewall rules?

3. Is Splunk indexing _any_ data? Do you have only problem with the network equipment logs or everything (including Splunk's _internal)?

4. How did you verify that it stopped indexing? Maybe something changed regarding time settings - that could cause Splunk to parse time wrongly and index it into wrong point in time (effectively not showing it when you're searching for "last 15 minutes" or similar). Try running an All Time (realtime) search across your indexes and look if anything shows up. (that's pretty much the only case I'd advise anyone to run a realtime search).

5. Did you check indexes metadata (both on Monitoring Console level as well as physically on bucket directories)?