Hi Team,
I'm a very novice Spluker and have only really upgraded it once and installed it a couple times on our servers to update it. Right now I just installed a new Splunk instance on Server 2019 and am about to migrate our existing Splunk 2012 server over to it. I have already migrated just the warm buckets over to the new server in the cold location. I can search that data, and that's good.
The problem is that I'm sending test data over to the new Splunk 8.0.2 server and it's either not getting it or not indexing it. I followed Splunk 8.0.2's Can't Find My Data Doc https://docs.splunk.com/Documentation/Splunk/8.0.2/Troubleshooting/Cantfinddata and the Splunk instance is only one server, no forwarders, no separate servers, just everything in one server.
Troubleshooting I have done:
Everything I could understand and that is applicable in Splunk 8.0.2's Can't Find My Data Doc https://docs.splunk.com/Documentation/Splunk/8.0.2/Troubleshooting/Cantfinddata
I confirmed the Splunk service is running on the server.
I can ping the server from the network device, and I can ping the network device from the server. There are no Firewalls in place between the device and server and the Windows Server 2019 FW is turned off.
I checked the Windows File structure in the actual VM and it hasn't created a hot bucket yet, so if it's getting the data, it's not
I also installed a Kiwi Syslog server on my desktop and put my IP in the network device and sure enough it's sending data.
I'm not really sure what else to try, so any help or things to check would be appreciated.
Thanks Splunk Answers!
-Chris
... View more
