×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
kjohnsonzenimax
Explorer
Member since: ‎10-04-2012
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 2
Member Since ‎10-04-2012
Activity Feed
View All

Re: Events from new index are not showing up

by in Splunk Search
‎10-10-2012 10:27 AM
1 Karma
‎10-10-2012 10:27 AM
1 Karma
All that I had to do was restart the individual indexers, which the heavy forwarder was reporting to. After doing this, events began showing up in the search. ... View more

Re: Events from new index are not showing up

by in Splunk Search
‎10-10-2012 10:24 AM
‎10-10-2012 10:24 AM
Hey, thanks for your answer. I have just checked the three indexers, running the command 'splunk list index' and have verified that the new index is listed on all three indexers. ... View more

Events from new index are not showing up

by in Splunk Search
‎10-04-2012 05:33 AM
1 Karma
‎10-04-2012 05:33 AM
1 Karma
I have inherited a fairly undocumented splunk deployment which looks as follows (splunk 4.3.2): Forwarders -> 2x Heavy Forwarders -> 3x Indexers -> Search Head I have added an index to the Search Head via the web interface and installed two forwarders with an inputs.conf as below: [monitor:////opt/tld/glassfish/domains/tldcs/logs/feedback.log] sourcetype = tld_gameplay index = tld_gameplay [monitor:////home/tldcs/web/apps/cstools/log/production.log] index = customer_service [monitor:////opt/tld/glassfish/domains/tldcs/logs/server.log] index = customer_service [monitor:////opt/tld/glassfish/domains/tldcs/logs/services.log] index = customer_service The issue is that I am not seeing any events in the web interface. How can I debug this? What information do you need from me, so that I can help you? How can I verify that data is, or is not, even being received by the heavy forwarder, and then the indexers? I am unclear whether I need to "add" the index somewhere else other than via the web interface. Thanks, ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from
View All