Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Search from web UI not working

aksharp
Explorer
‎07-25-2018 04:46 PM

We are in a process of setting up new splunk env on CentOS 7. As part of it we have configured 1 search head and 1 indexer server.
We added the indexer to SH in the distributed search section(distsearch.conf), the status of that indexer is "up", Replication status "Successful", healthy status "healthy and No health check failures.
We are using splunkforwarders on our servers to push data to indexers, which is also working fine, i can see data coming from the selected servers in the metrics.log on indexer.
However when i search anything from web UI it gives me "no results found", also in data summary on home page it says "Waiting for results".
Even for index="_internal" there are "no results found".

Can anyone please point me in the right direction if i'm missing anything in the configs here.

Tags (1)
0 Karma
Reply

aksharp
Explorer
‎08-06-2018 03:31 PM

Thanks for the help! Our indexers were not configured correctly, we updated some some configs and it works now.

0 Karma
Reply

adonio
Ultra Champion
‎07-26-2018 03:06 AM

start here:
http://docs.splunk.com/Documentation/Splunk/7.1.2/Troubleshooting/Cantfinddata

please share your findings with the community

0 Karma
Reply

kmorris_splunk
Splunk Employee
Splunk Employee
‎07-25-2018 06:38 PM

Could it be that your user doesn't have the rights to see the indexes. Check to see that your user has a role that has access to the indexes.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Every security professional knows the drill. The PCI DSS audit is approaching, and suddenly everyone's asking ...

Developer Spotlight with Guilhem Marchand

From Splunk Engineer to Founder: The Journey Behind TrackMe    After spending over 12 years working full time ...

Cisco Catalyst Center Meets Splunk ITSI: From 'Payments Are Down' to Root Cause in ...

The Problem: When Networks and Services Don't Talk Payment systems fail at a retail location. Customers are ...