Hi.

I just setup a free account in splunkstorm and try to set up rsyslog base on the documentation and I didn't see any data but strangely enough my 1G free is full but I don't see any data and even if I search nothing shows up.

I get tons of this messages on the GUI :

Reached end-of-stream while waiting for more data from peer mt-indexer-i-f49bed87.prod-root. Search results might be incomplete!

my rsyslog file was :

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ModLoad imfile # provides --MARK-- message capability

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

$RepeatedMsgReduction on

$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

$WorkDirectory /var/spool/rsyslog

$InputFileName /var/log/drupal.log
$InputFileTag drupal:
$InputFileStateFile stat-drupal
$InputFileSeverity info
$InputRunFileMonitor
$InputFilePollingInterval 10

. @@logs4.splunkstorm.com:20244
$IncludeConfig /etc/rsyslog.d/*.conf

In inputs network data page it says "Data last received" "N/A" but the storage is full, I don't get it.

can someone help me to figure out this ?

Thanks.

P.S : my timezone is setup to UTC 0000 on the server and splunkstorm