Splunk Search

Splunk Data and apps all got deleted

abhijitnath89
Path Finder

All data and apps from our distributed architecture suddenly got deleted, including indexes and other configurations.
Anyone faced this issue before? Any way to check how this happened?

0 Karma

shiv1593
Communicator

If you're running on linux, then you can look into Audit logs of the system under /var/log/audit. Splunk has it's own audit logs too, so you can look them up as well under /var/log/splunk/audit.log. These, couple with the knowledge of who logged in to your system, during the time when the data went missing by analyzing /var/log secure logs, you may begin your investigation.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...