Splunk Enterprise

Why are there no logs on the server but they are displaying in Splunk?


Hi all, I have a question.

index=app-data "cgth14678ghj" host=http:jbossserver source=application_data_http:jbossserver-20210102-10.log


When I search with this query, I will get events in Splunk.

But when I look on the host side, there are no events with this term cgth14678ghj in the source file.

How come they are displaying in Splunk without being on the server?

From where is Splunk taking this data which is not there on the server?


Can anyone help me with this?

0 Karma



Have you looked at which log processors are configured in the JBoss server? There could be several different processors; some write to a file and some could write directly to a TCP socket.

r. Ismo

0 Karma
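
One way to act on the suggestion above is to list the handlers in the JBoss logging subsystem and see which ones never write to a local file. This is an added example, not part of the original thread; the XML is a constructed sample, and the handler names, address and class in it are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a JBoss/WildFly logging subsystem; handler names,
# the 192.0.2.10 address and com.example.* are placeholders, not real values.
SAMPLE_CONFIG = """
<server xmlns="urn:jboss:domain:10.0"><profile>
  <subsystem xmlns="urn:jboss:domain:logging:8.0">
    <console-handler name="CONSOLE"/>
    <periodic-rotating-file-handler name="FILE" autoflush="true">
      <file relative-to="jboss.server.log.dir" path="server.log"/>
    </periodic-rotating-file-handler>
    <syslog-handler name="SYSLOG">
      <server-address value="192.0.2.10"/>
      <port value="514"/>
    </syslog-handler>
    <custom-handler name="FORWARDER" class="com.example.HttpHandler" module="com.example"/>
  </subsystem>
</profile></server>
"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def classify_handlers(xml_text):
    """Map each handler name to (kind, destination) from the logging subsystem."""
    found = {}
    for sub in ET.fromstring(xml_text).iter():
        if local(sub.tag) != "subsystem" or ":logging:" not in sub.tag:
            continue
        for h in sub:
            tag = local(h.tag)
            if not tag.endswith("-handler"):
                continue
            kids = {local(c.tag): c for c in h}
            if "file" in kids:                      # file-based handlers
                found[h.get("name")] = ("file", kids["file"].get("path"))
            elif tag == "syslog-handler":           # sent over the network
                addr = kids["server-address"].get("value") if "server-address" in kids else "unset"
                port = kids["port"].get("value") if "port" in kids else "unset"
                found[h.get("name")] = ("network", f"{addr}:{port}")
            elif tag == "custom-handler":           # behaviour depends on the class
                found[h.get("name")] = ("custom", h.get("class"))
            else:
                found[h.get("name")] = ("other", tag)
    return found

def not_written_to_file(handlers):
    """Names of handlers whose output will not appear in a local log file."""
    return sorted(n for n, (kind, _) in handlers.items() if kind != "file")
```

Events that arrive through any handler returned by `not_written_to_file` can be indexed without ever existing in a log file on the host.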