I recently had an issue where Splunk lost connectivity with a log server. After the network connectivity was restored, it proceeded with pulling/indexing the logs from the time the network connectivity was restored and did not go back and pick up from where it had left off.
Previous network issues that caused a loss of connectivity with Splunk did not have this end result and it picked up from where it left off and everything was okay.
Currently Splunk is functioning with any new logs that are coming in. I'm trying to figure out a way to get the missing logs over to Splunk. Whether it be a command that will manually pull logs from a particular date range or if needed manually move the logs from the log server to Splunk.
... View more