Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why am I not getting logs from one source?

Ash1
Communicator
‎03-30-2023 11:50 AM

Hi all,

I have 2 servers  and each having 3 sources.

I am able to receive logs from 2 sources  from 2 servers but not receiving logs from one source

I checked there are logs on the server and no permission issues 

How to troubleshoot???

 

 

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-30-2023 12:15 PM

Verify the inputs are not disabled.

Use the splunk list monitor command to make sure the expected files are being monitored.

Check splunkd.log for messages relating to the files.

---
If this reply helps you, Karma would be appreciated.
Reply

Ash1
Communicator
‎03-30-2023 03:49 PM

i checked  disabled is 0
Use the splunk list monitor command --> for this i dont have access to universal forwarder to check 
i mentioned the source which was not coming in the search  with index=_internal source=splunkd  but i don't see any logs.



0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎03-31-2023 03:07 AM

Hi

here is one old answer (you could found lot of those) https://community.splunk.com/t5/Getting-Data-In/How-to-troubleshoot-why-a-universal-forwarder-lost-d... to solve this kind of issues.

r. Ismo

Reply

Ash1
Communicator
‎04-12-2023 02:10 PM

hi @isoutamo & @richgalloway , thank you for your inputs.
Actually the source was not added in inputs, i noticed it lately and added it, now i can see the logs.

Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...