Solved: Why all my sourcetypes are not showing up in web G...

rfeddal · ‎02-27-2020

Hi,

I have an index with 7 sourcetypes. For a particular reason, I had to delete the index. Made a refresh, then I re-created it.

But when I checked if all my sourcetypes are there, I found only 6. One of them haven't been added by splunk. I don't understad why?

Plus, I've created a new index with a new sourcetype. But after restarting the splunk service, nothing is showing up in the Web GUI when I made a research on this new index.

I don't understand what is happening.

Did someone has the same issue? And know how to resolve it?

Thank you.

rfeddal · ‎03-05-2020

I resolved my issue:
The source added in the second index was the same of the first one. So I deleted the second sourcetype, deleted the both indexes and recreated them, then it I re-found my 7 sourcetypes.

View solution in original post

rfeddal · ‎03-05-2020

I resolved my issue:
The source added in the second index was the same of the first one. So I deleted the second sourcetype, deleted the both indexes and recreated them, then it I re-found my 7 sourcetypes.

isoutamo · ‎02-27-2020

If you do: “splunk cmd btool props list | egrep ‘^[‘ “do you see those sourcetypes? And have you those event already on your indexers?

Ismo

Why all my sourcetypes are not showing up in web GUI?

sourcetype

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

Why all my sourcetypes are not showing up in web GUI?

sourcetype

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...