Solved: Data Summary is not showing all host.

andsmith2 · ‎10-05-2017

When I am on the Search Head and I go to data summary under Search and Reporting, it only shows 2 host but they come up as .log files. When I do a search for index=*, I get all my host which is currently around 24. I know the .log files are coming from rsyslog on my Splunk syslog server, but why can't I see all my host under data summary. Also, it says that the earliest and latest events were 2 months ago, when Splunk was initial deployed. I do not have a cluster, I only have 1 of each server. Any assistance is greatly appreciated.

DalJeanis · ‎10-05-2017

The data summary shows the data in each user's default indexes. You probably initially began your installation by ingesting data into index=main, then switched ingestion to custom indexes.

You also probably never updated the default indexes for the role that you are using.

Do you need instructions on how to do that?

View solution in original post

DalJeanis · ‎10-05-2017

The data summary shows the data in each user's default indexes. You probably initially began your installation by ingesting data into index=main, then switched ingestion to custom indexes.

You also probably never updated the default indexes for the role that you are using.

Do you need instructions on how to do that?

DalJeanis · ‎10-05-2017

https://answers.splunk.com/answers/47879/cannot-see-data-that-gets-indexed-on-summary-page.html

andsmith2 · ‎10-05-2017

Yes. If you could help put me in the right direction. Thank you.

Data Summary is not showing all host.

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!