Solved: I can see data in logs but not in index for http e...

Amandeepsin · ‎05-09-2018

I can see http_event_collector_metrics.log logs under

$SPLUNK_HOME/var/log/introspection/splunk/

But splunk says latest event received was 2 days ago. Whats going wrong in http event collector as I cannot see data if I select index after 7th of may. Previous data is available

PowerPacked · ‎05-09-2018

Hi @Amandeepsin

The _introspection index data is splunk's internal metrics regarding HEC performance and connection.

You need to check the own index into which the data is coming in.

Here is the sample event.

Thanks

View solution in original post

PowerPacked · ‎05-09-2018

Hi @Amandeepsin

The _introspection index data is splunk's internal metrics regarding HEC performance and connection.

You need to check the own index into which the data is coming in.

Here is the sample event.

Thanks

Amandeepsin · ‎05-09-2018

Hi,

Latest event to that own index which is mentioned in HEC source is 2 days ago. But in _introspection I can see events.

Any comments!!

Thanks,

I can see data in logs but not in index for http event collector

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

I can see data in logs but not in index for http event collector

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...