Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to troubleshoot why I'm missing log data in Splunk for one day?

Navanitha
Path Finder
‎05-04-2016 02:34 AM

Hi,

I have logs coming into Splunk from our Mainframe server for a long time. I noticed that Splunk is suddenly not showing any logs on 25/04/2016 and there were partial results on 24/04. Although it is working fine now, I still don't see logs for only 25/04. What might be the possibilities for such discrepancies and is there something I need to check on my end?

Thank you..

Tags (2)
0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎05-04-2016 05:55 AM

Define "suddenly" please.

Does this mean that yesterday you had data for 25/04 and 24/04 but today "suddenly" the data no longer appears?

Or does it mean, you have a gap in your data on 25/04 and 24/04 that you didnt notice until today?

Possible issues for the 1st scenario:
-Bad data retirement/retention policy
-Someone used the |delete command
-Someone manually erased buckets from the filesystem
-Filesystem corruption

Possible issues for the 2nd scenario:
-Network was down
-Forwarders were down
-Splunk was down
-Maintenance to mainframe
-Maintenance to anything between mainframe and splunk indexers
-etc

0 Karma
Reply

Navanitha
Path Finder
‎05-04-2016 06:01 AM

it is the second scenario, I have a gap in data for those two dates and till now, I don't see the data coming in for those two days until now.

so assuming the forwarder was down/network was down, how can I get the data for those days into Splunk now?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...