Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

missing data from script input.

efaundez
Path Finder
‎10-05-2020 11:52 AM

Good afternoon

Currently we have a UF that is configured with 50 inputs, of which 49 work well and only 1 does not index events and also reports any errors.

Review the information on the internal validating that the splunkd does not inform any evidence that it can help to validate why this input is not working.

But what you see is what you do next query
index = _introspection component = PerProcess "event that does not index ..." I have current information, the script runs every 1 minute and gives me the next information.

component: PerProcess
date: {[-]
args: python /path/file.py XXXXXXXX
elapsed: 111505.2300
fd_used: 5
mem_used: 8,555
normalized_pct_cpu: 0.00
page_faults: 0
pct_cpu: 0.00
pct_memory: 0.01
pid: 22673
ppid: 7990
process: python2.7
process_type: other
read_mb: 0.000
status: W
t_count: 1
written_mb: 0.000
}
datetime: 10-05-2020 15: 36: 26.387 -0300
log_level: INFO

Review the too many events that you index and don't use these metrics .... why when the event I stop indexing this information splunk differently,... and I don't understand why they too many fuels that are working correctly in the tienen this information.

Any help is appreciated.

 

Labels (3)
0 Karma
Reply

Richfez
SplunkTrust
SplunkTrust
‎10-06-2020 02:01 PM

Does the script run if you run it manually, with, for instance,

splunk cmd python /path/to/file.py

(Obviously fix that syntax, I'm sure it's wrong!)

Beyond that, I'm not sure what other information you've give us.  I think autocorrect may have "fixed" many of your words for you, because I can't quite make sense out of the remainder of the question.  Happy to listen again if you want to try reposting that?

0 Karma
Reply

efaundez
Path Finder
‎10-09-2020 05:19 AM

Sorry for the delay, validate that the python as a process in the OS was taken and it was like that for more than 2 days, the _internal was checked and there was no information of any error or that splunk will show that there is a script input it cannot be executed for XXX reason .

To solve this, the input via web was deactivated (in an HF server) and then it was enabled, and after that it was validated that the indexing is done correctly.

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...