Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to find the missing source files that are not indexed

deepthi5
Path Finder
‎04-06-2016 05:28 AM

Hi team,

I have 10 different hosts that are sending data to the SPLUNK every day
they send some csv files daily C:\SPLUNKCEBU\xxxx.csv, etc

Now i want to find out for a particular day if the data from all the files from all hosts are indexed or not (if not indexed then i can check my host if the files are present are not)

Thanks
deepthi

Tags (2)
0 Karma
Reply

kristian_kolb
Ultra Champion
‎04-06-2016 05:57 AM

you can most likely use a simple search to validate your inputs with help of the source attribute, e.g.

your_search | timechart span=1d distinct_count(source) values(source)

/k

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...