×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
ragh99
Loves-to-Learn
Member since: ‎01-04-2021
‎01-04-2021
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎01-04-2021
Activity Feed
Topics I've Started
View All

Re: Search doesn't show data

by in Splunk Search
‎01-04-2021 05:03 AM
‎01-04-2021 05:03 AM
I do see my host sending (v-test-xxx) some traffic eventhough  its less in license usage. Could that be reason? Thanks       ... View more

Re: Search doesn't show data

by in Splunk Search
‎01-04-2021 04:27 AM
‎01-04-2021 04:27 AM
thanks @scelikok . I think they are enabled . Only thing I see on client side as well is PSH/ACK and I am assuming that the data is being exchanged.  FWIW, I am trying to send logs from a k8s infrastructure, so not sure if HEC is what I should be using?    # netstat -tulpn | grep 8088 tcp 0 0 0.0.0.0:8088 0.0.0.0:* LISTEN 628/splunkd.      ... View more

Search doesn't show data

by in Splunk Search
‎01-04-2021 03:53 AM
‎01-04-2021 03:53 AM
Hi, I have just installed Splunk enterprise on-prem and trying to send data using HEC (port 8088). When I do a tcpdump, I do see packets coming in to splunk, but when I do search (  a basic search all using "*"), I do  not see anything. Is there anything basic I might be missing? Thanks, Raghu tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on enp7s0, link-type EN10MB (Ethernet), capture size 262144 bytes 01:24:01.349607 IP  ip.25648 > worker1.radan-http: Flags [P.], seq 1131684074:1131684105, ack 2035586096, win 502, options [nop,nop,TS val 2515323145 ecr 929343968], length 31 01:24:01.349652 IP ip..25648 > worker1.radan-http: Flags [F.], seq 31, ack 1, win 502, options [nop,nop,TS val 2515323145 ecr 929343968], length 0 01:24:01.349774 IP worker1.radan-http > ip.25648: Flags [P.], seq 1:32, ack 32, win 1475, options [nop,nop,TS val 929350932 ecr 2515323145], length 31     ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎01-04-2021 01:20 PM