Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Logs are stopped genarating from 2nd april

anil1432
Explorer
‎05-26-2021 05:45 AM

My logs showing before April 2nd only when I check for previous 7 days it's not showing what may be the issue please share solution to us . But there is no error is showing . In actuall  the log is batchdog.log under this log there are similar logs are rolled like batchdog.lig.mmddyy.*log 

Any help please . There is no issues in splunkd.log also

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎05-26-2021 06:34 AM
Hi
Are you sure that your date is parsed correctly in ingest phase? 2/4/2021 vs 4/2/2021?
r. Ismo
Reply

anil1432
Explorer
‎05-26-2021 07:41 PM

Yes I checked all my data is parsing well.

My logs are stopped genarating from 3rd April and  when I check for 2nd April it's showing logs . And there is no issues available in  splunkd.log . And all my configuration are running fine . But only not genarating specific path  file only to a particular user . Plz hep me out 
 
0 Karma
Reply

anil1432
Explorer
‎05-26-2021 07:42 PM

My splunk enterprise version is 7.3.2

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎05-26-2021 11:33 PM

On UF side what it shows when you are writing as splunk/root (user which runs splunkd at UF):

splunk list inputstatus

You should find entry for that file like:

	/....../splunk/var/log/watchdog/watchdog.log
		file position = 5427
		file size = 5427
		parent = $SPLUNK_HOME/var/log/watchdog/watchdog.log*
		percent = 100.00
		type = finished reading

This show if those files are read to end or are there something unread.

Are you getting any logs from that UF or only some?

0 Karma
Reply

anil1432
Explorer
‎05-27-2021 12:38 AM

Screenshot_20210527_100943.jpg

Screenshot_20210527_094844.jpg

 these are the errors I find outed sir

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎05-27-2021 08:07 AM

Can you post your inputs.conf and splunk list inputstatus?

0 Karma
Reply

anil1432
Explorer
‎05-27-2021 08:43 AM

I checked they are fine 

0 Karma
Reply

anil1432
Explorer
‎05-27-2021 09:34 AM

Let me try this? It will work or not?

/opt/splunk/var/log/watchdog/watchdog.log

                file position = 2518300

                file size = 2518300

                parent = $SPLUNK_HOME/var/log/watchdog/watchdog.log*

                percent = 100.00

                type = open file

 

/opt/splunk/var/log/watchdog/watchdog.log.1

                file position = 25000101

                file size = 25000101

                parent = $SPLUNK_HOME/var/log/watchdog/watchdog.log*

                percent = 100.00

                type = finished reading

0 Karma
Reply

anil1432
Explorer
‎05-27-2021 08:53 AM

It's for only one user  it's happening . When I check for 2nd April these are logs genarating. In inputs they give correct path only and monitor the path is good

Screenshot_20210527_212000.jpg

 thanks in advance,😊

 

 

 

 

 

 

 

 

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...