Displaying logs last x days for every month

Kantsplunk · ‎10-11-2019

Not displaying logs more than the last 3 days. This pattern is the same for the last months as well.

for example.
If I am searching for current 30 days logs, it will display only the last 3 days logs and omit other days. when I increased my timeline to last 4 months. I can see same pattern. todays date, yesterday and day before yesterday's date.

woodcock · ‎10-13-2019

WHAT IS YOUR SEARCH?!

richgalloway · ‎10-11-2019

What are the retention settings for the index you are searching? It's possible the index is too small and data is being frozen after 3 days.

---
If this reply helps you, Karma would be appreciated.

Kantsplunk · ‎10-11-2019

I would like to put my issue once again. when I search logs for the last 3 months, then I can see logs for the current date, yesterday and day before yesterday of all last 3 months, other than that I don't see any logs.
for example.

october, 11, 10 and 9th logs are visible.
September 11,10 and 9th logs are visible.
August 11,10 and 9th logs are visible.

ignoreOlderThan = 300d
recursive = true

richgalloway · ‎10-11-2019

Thanks for clarifying the problem. Do you mind sharing your query? Do you see gaps in the results as well as on the timeline?

---
If this reply helps you, Karma would be appreciated.

Displaying logs last x days for every month

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

New in Observability Cloud - Explicit Bucket Histograms