Re: Search from web UI not working

aksharp · ‎07-25-2018

We are in a process of setting up new splunk env on CentOS 7. As part of it we have configured 1 search head and 1 indexer server.
We added the indexer to SH in the distributed search section(distsearch.conf), the status of that indexer is "up", Replication status "Successful", healthy status "healthy and No health check failures.
We are using splunkforwarders on our servers to push data to indexers, which is also working fine, i can see data coming from the selected servers in the metrics.log on indexer.
However when i search anything from web UI it gives me "no results found", also in data summary on home page it says "Waiting for results".
Even for index="_internal" there are "no results found".

Can anyone please point me in the right direction if i'm missing anything in the configs here.

aksharp · ‎08-06-2018

Thanks for the help! Our indexers were not configured correctly, we updated some some configs and it works now.

adonio · ‎07-26-2018

start here:
http://docs.splunk.com/Documentation/Splunk/7.1.2/Troubleshooting/Cantfinddata

please share your findings with the community

kmorris_splunk · ‎07-25-2018

Could it be that your user doesn't have the rights to see the indexes. Check to see that your user has a role that has access to the indexes.

Search from web UI not working

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation