Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Suddenly Stops Indexing

matthewcanty
Communicator
‎03-27-2012 03:19 AM

I'm new to Splunk - as in this morning - but have been shown around it a few times. I've just downloaded the free version and installed everything fine. I have setup an indexer, and started adding data from a folder location.

The summary shows all of the files in the directory and has found the two sources which I wanted to see which is great.

Under Source Types I have a source DataNormalisation and its Last Update time is "Tue Mar 27 09:32:33 2012". When I click it and go for Last 7 Days the last message is from the 23rd. If I look in the file the last message is today - because the service is running now and logging now.

What am I doing wrong?

Head/Tail issue?

Please see the following three images in order as a proof...

Page 1 | Page 2 | Page 3

See on Page 2 the last message is on 26th...

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

matthewcanty
Communicator
‎03-27-2012 05:53 AM

Problem seems to be related to Index. I was using a new Index which I had made, when I just tried using the main Index it started straight away.

Is this a limitation of the free version?

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

matthewcanty
Communicator
‎03-27-2012 05:53 AM

Problem seems to be related to Index. I was using a new Index which I had made, when I just tried using the main Index it started straight away.

Is this a limitation of the free version?

0 Karma
Reply
Solved! Jump to solution

Drainy
Champion
‎03-27-2012 05:59 AM

By default Splunk will search and the search app references the main index. If you search index=YOURINDEX it should return all your events

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...