Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
66 results
Sorted by:
04-19-2019
03:04 AM
We have a server running in Japan timezone. Recently when we did not find logs during a live testing.
Next day we ran the query to calculate delta between indextime and event time --- eval delta=_...
10-23-2017
06:05 AM
...reation, or when I restart Splunk instance, the index size decreases to nearly half of the max index size.
Is there any idea of why there is so significant delay for Splunk purging old events? a...
05-12-2016
02:01 AM
...hat any previous events that were sent between 8:00 and 9:00 are not sent again.
Is it best to use the index time rather than extract the time from the event during indexing?
Is there a way to a...
- Tags:
- splunk-enterprise
02-26-2020
08:03 PM
...nd event time. as follows:
index = test
|eval indextime=strftime(_indextime,"%Y/%m/%d %H:%M:%S")
|eval age=(_indextime - _time)/60
|table indextime _time a...
11-10-2020
03:43 PM
...indextime but never found latency more than 20 minutes
index=proofpoint source=proofpoint_message_log
| eval indextime=strftime(_indextime,"%Y-%m-%d %H:%M:%S")
| eval delay=_...
Labels
Show results in replies (3)
-
Ever get a solution to this? I've had a report from a user that their searches for a specific event...
-
...issing event. It had a indextime of 11/10, within 25 minutes of when the email system said the r...
-
...hat time, the indexing "lag" will be 1605131264 - 1605134864, which is -3600, ... So your search t...
10-30-2018
12:38 AM
We are experiencing a delayed indexing of UDP events.
Environment: UF -> Indexer.
Event1 was sent to indexer(confirmed via tcpdump that the messages are sent successfully to indexer).
Event...
- Tags:
- splunk-enterprise
- udp
01-07-2019
10:54 PM
We have set up a Splunk forwarder to forward the latest logs in the same server, but we are having an issue where there is a huge difference between indexed time and the event time. I can see the delay...
09-18-2018
05:25 AM
02-26-2019
01:11 PM
...or some reason there's a huge delay between event indexing and event creation time, still receiving logs that are 3 months old and new logs are getting delayed. What can be a reason for such a delay...
08-08-2019
02:31 PM
Hello all,
I have 4 SH, 2 indexer's, 1 Deployment Server in one of my environments (windows).
I'm now noticing that there's a long delay in some of my data showing up when searched on. This i...
