When I am on the Search Head and I go to data summary under Search and Reporting, it only shows 2 host but they come up as .log files. When I do a search for index=*, I get all my host which is currently around 24. I know the .log files are coming from rsyslog on my Splunk syslog server, but why can't I see all my host under data summary. Also, it says that the earliest and latest events were 2 months ago, when Splunk was initial deployed. I do not have a cluster, I only have 1 of each server. Any assistance is greatly appreciated.
↧