Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

missing data from script input.

efaundez
Path Finder
‎10-05-2020 11:52 AM

Good afternoon

Currently we have a UF that is configured with 50 inputs, of which 49 work well and only 1 does not index events and also reports any errors.

Review the information on the internal validating that the splunkd does not inform any evidence that it can help to validate why this input is not working.

But what you see is what you do next query
index = _introspection component = PerProcess "event that does not index ..." I have current information, the script runs every 1 minute and gives me the next information.

component: PerProcess
date: {[-]
args: python /path/file.py XXXXXXXX
elapsed: 111505.2300
fd_used: 5
mem_used: 8,555
normalized_pct_cpu: 0.00
page_faults: 0
pct_cpu: 0.00
pct_memory: 0.01
pid: 22673
ppid: 7990
process: python2.7
process_type: other
read_mb: 0.000
status: W
t_count: 1
written_mb: 0.000
}
datetime: 10-05-2020 15: 36: 26.387 -0300
log_level: INFO

Review the too many events that you index and don't use these metrics .... why when the event I stop indexing this information splunk differently,... and I don't understand why they too many fuels that are working correctly in the tienen this information.

Any help is appreciated.

 

Labels (3)
0 Karma
Reply

Richfez
SplunkTrust
SplunkTrust
‎10-06-2020 02:01 PM

Does the script run if you run it manually, with, for instance,

splunk cmd python /path/to/file.py

(Obviously fix that syntax, I'm sure it's wrong!)

Beyond that, I'm not sure what other information you've give us.  I think autocorrect may have "fixed" many of your words for you, because I can't quite make sense out of the remainder of the question.  Happy to listen again if you want to try reposting that?

0 Karma
Reply

efaundez
Path Finder
‎10-09-2020 05:19 AM

Sorry for the delay, validate that the python as a process in the OS was taken and it was like that for more than 2 days, the _internal was checked and there was no information of any error or that splunk will show that there is a script input it cannot be executed for XXX reason .

To solve this, the input via web was deactivated (in an HF server) and then it was enabled, and after that it was validated that the indexing is done correctly.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...