Getting Data In

Unable to see logs on Splunk Cloud from some servers

asharma21193
New Member

There are 300 servers sending logs to the Heavy forwarder. The same common application is successfully deployed in all 300 servers and able to see all servers in forwarder-managment tab and app is also successfully deployed on all servers. But not able see logs from 200 on splunk cloud, also I can see logs are successfully coming to heavy forwarder as shown below in tcpdump output captured from HWF but unable to find logs of same server on Splunk Cloud.

22:50:10.781905 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 151196:151286, ack 1, win 55, length 90
22:50:21.891218 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 151286:153102, ack 1, win 55, length 1816
22:50:21.891845 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 153102:154925, ack 1, win 55, length 1823
22:50:21.897956 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 154925:155555, ack 1, win 55, length 630
22:50:21.899071 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 155555:155906, ack 1, win 55, length 351
22:50:21.900269 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 155906:156281, ack 1, win 55, length 375
22:50:21.901434 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 156281:156735, ack 1, win 55, length 454
22:50:21.934712 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 156735:165117, ack 1, win 55, length 8382

0 Karma
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...