Splunk Search

Splunk Data and apps all got deleted

abhijitnath89
Path Finder

All data and apps from our distributed architecture suddenly got deleted, including indexes and other configurations.
Anyone faced this issue before? Any way to check how this happened?

0 Karma

shiv1593
Communicator

If you're running on linux, then you can look into Audit logs of the system under /var/log/audit. Splunk has it's own audit logs too, so you can look them up as well under /var/log/splunk/audit.log. These, couple with the knowledge of who logged in to your system, during the time when the data went missing by analyzing /var/log secure logs, you may begin your investigation.

0 Karma
Get Updates on the Splunk Community!

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...

Platform Highlights | January 2023 Newsletter

 January 2023Peace on Earth and Peace of Mind With Business ResilienceAll organizations can start the new year ...