Hi Team,

I'm a very novice Spluker and have only really upgraded it once and installed it a couple times on our servers to update it. Right now I just installed a new Splunk instance on Server 2019 and am about to migrate our existing Splunk 2012 server over to it. I have already migrated just the warm buckets over to the new server in the cold location. I can search that data, and that's good.

The problem is that I'm sending test data over to the new Splunk 8.0.2 server and it's either not getting it or not indexing it. I followed Splunk 8.0.2's Can't Find My Data Doc https://docs.splunk.com/Documentation/Splunk/8.0.2/Troubleshooting/Cantfinddata and the Splunk instance is only one server, no forwarders, no separate servers, just everything in one server.

Troubleshooting I have done:

• Everything I could understand and that
  is applicable in Splunk 8.0.2's Can't Find My Data Doc
  https://docs.splunk.com/Documentation/Splunk/8.0.2/Troubleshooting/Cantfinddata

• I confirmed the Splunk service is
  running on the server.

• I can ping the server from the network
  device, and I can ping the network
  device from the server. There are no
  Firewalls in place between the device and server and the Windows
  Server 2019 FW is turned off.

• I checked the Windows File structure
  in the actual VM and it hasn't created
  a hot bucket yet, so if it's getting
  the data, it's not

• I also installed a Kiwi Syslog server
  on my desktop and put my IP in the
  network device and sure enough it's
  sending data.

I'm not really sure what else to try, so any help or things to check would be appreciated.

Thanks Splunk Answers!

-Chris