HI Team, We have implemented the dual ingestion fo...

Hemant_h · ‎04-09-2025

We have implemented the dual ingestion for syslog servers , we can see the logs in cloud but few logs file missing and onprem have all the data but on cloud we are missing some files which has large count of logs .
PLease help me to understand how we can get the data of those log files in splunk cloud.

Splunk cloud logs of syslog server

Syslog server logs on onprem

livehybrid · ‎04-09-2025

Hi @Hemant_h

What is different in term of the data flow between the two environments? How are your syslog servers sending to both on-prem and cloud Splunk instances?
Are there any TAs installed on either Splunk instance? It could be that the timestamping is incorrect rather than being missing.

There are lots of variables at play here, please let us know as much as you can about your environment, configuration and data pipelines.

🌟 Did this answer help you? If so, please consider:

Adding karma to show it was useful
Marking it as the solution if it resolved your issue
Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

HI Team, We have implemented the dual ingestion for syslog servers , we can see the logs in cloud but few logs file miss

Splunk Investigate

using Splunk Cloud

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation