Why are application logs not getting indexed in Sp...

amand · ‎02-02-2023

The internal logs flow to splunk UI but the applications logs are not flowing to splunk UI.

We have a cluster with several different components. We are facing the above issue with only one of the component, although, the splunk configuration for all the components are same except the host differs.

gcusello · ‎02-02-2023

Hi @amand,

could you better describe your issue?

are you speking of one specific server or the issue is on all servers.

if on a specific server, which role has this server?

could you better describe your architecture? have you clusters?

Ciao.

Giuseppe

amand · ‎02-02-2023

We have 3 components in our cluster, assume A, B, C.
All have been configured in the same manner.
But we see application logs for B & C but not for A.
Although, we are able to see _internal index logs for A.

gcusello · ‎02-02-2023

Hi @amand,

I suppose that you're speaking of an Indexer Cluster and you distributed an add-on using the Master Node to all the peers.

Which are the application logs you're speaking of?

which is the add-on you're using?

Ciao.

Giuseppe

amand · ‎02-02-2023

We are able to see this on UI : index=_internal host=ip-xx-xx-xx-xxx source="/opt/splunkforwarder/var/log/splunk/splunkd.log"

but not this : index="blitz-athena" host=ip-xx-xx-xx-xxx source = "/var/log/supervisord/collector.log"

P.S : These two indexes are of the same host

gcusello · ‎02-03-2023

Hi @amand,

can you see other events on the same index?

Ciao.

Giuseppe

Why are application logs not getting indexed in Splunk?

other

search job inspector

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life