cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
AlteUnke
New Member
Member since: ‎08-13-2018
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎08-13-2018
View All

Re: Why is the new index not searchable?

by in Deployment Architecture
‎08-14-2018 12:05 AM
‎08-14-2018 12:05 AM
I believe my misunderstanding was, that I used logs which all had the date "03.08.2018". I just copy/pasted them, thinking splunk would log them under "last 7 days" depending on the time the log was added and not the date which is written in the log-entry. ... View more

Re: Why is the new index not searchable?

by in Deployment Architecture
‎08-13-2018 11:54 PM
‎08-13-2018 11:54 PM
Wow. I was about to answer something like "If it was that easy...". But that's it. Can you tell me what the difference between "All-time (real time)" and "All time" is? I can see the logs only in "All time", which might be the reason why I couldn't see the obvious... But thanks for the tip! ... View more

Re: Why is the new index not searchable?

by in Deployment Architecture
‎08-13-2018 11:50 PM
‎08-13-2018 11:50 PM
Uh, thanks for that! Didn't see that! ... View more

Why is the new index not searchable?

by in Deployment Architecture
‎08-13-2018 05:08 AM
‎08-13-2018 05:08 AM
Hi everyone, I'm new to Splunk and this is the first Index I created, so hopefully this Question ain't to nooby 😉 This is my inputs.conf: [monitor:///var/log/app/retry.log] disabled=false sourcetype=log4j index=retry multiline_event_extra_waittime = true indexes.conf: [retry] homePath=$SPLUNK_DB/retry/db coldPath=$SPLUNK_DB/retry/colddb thawedPath=$SPLUNK_DB/retry/thaweddb repFactor=autor maxDataSize=auto Cluster Bundle Status: master cluster_status=None active_bundle checksum=2924BEA962D9C72179B8CF4D03846EAB timestamp=1533281547 (in localtime=Fri Aug 3 09:32:27 2018) latest_bundle checksum=2924BEA962D9C72179B8CF4D03846EAB timestamp=1533281547 (in localtime=Fri Aug 3 09:32:27 2018) last_validated_bundle checksum=2924BEA962D9C72179B8CF4D03846EAB last_validation_succeeded=1 timestamp=1533281547 (in localtime=Fri Aug 3 09:32:27 2018) last_check_restart_bundle last_check_restart_result=restart not required checksum= timestamp=0 (in localtime=Thu Jan 1 01:00:00 1970) splunkidx2 3F5EEC11-8718-4C0D-AEF7-0F54DABB1D01 default active_bundle=2924BEA962D9C72179B8CF4D03846EAB latest_bundle=2924BEA962D9C72179B8CF4D03846EAB last_validated_bundle=2924BEA962D9C72179B8CF4D03846EAB last_bundle_validation_status=success restart_required_apply_bundle=0 status=Up splunkidx3 79FD9BAC-9F72-46CB-A043-EDCA31DE8EB7 default active_bundle=2924BEA962D9C72179B8CF4D03846EAB latest_bundle=2924BEA962D9C72179B8CF4D03846EAB last_validated_bundle=2924BEA962D9C72179B8CF4D03846EAB last_bundle_validation_status=success restart_required_apply_bundle=0 status=Up splunkidx1 D2077BB4-988A-46F2-BB00-E261EBF94BC9 default active_bundle=2924BEA962D9C72179B8CF4D03846EAB latest_bundle=2924BEA962D9C72179B8CF4D03846EAB last_validated_bundle=2924BEA962D9C72179B8CF4D03846EAB last_bundle_validation_status=success restart_required_apply_bundle=0 status=Up I can see the new "retry" Index in Splunk and add it to roles. But I can't search for it, or find events when search for "index=retry". But I can see the rawdata/db on the Indexers, so Data is here. Any Idea what I could have missed? Thanks in advance! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM