I have log files that are updated in real time. For the past two years these files have been ingested into Splunk without issues. Suddenly I found a weird issue, where Splunk is skipping some messages in a file here and there. I found that around 10 percent of the messages are skipped.
I am not sure where the root cause is. I could understand if it skipped a complete file, but it's skipping messages here and there in a single file. It's happening for all files ingested from that source. No configs have been changed.
I cannot search for any field value from the missing messages in Splunk.
Should I begin troubleshooting for problems on the indexer side or the forwarder side?
May I know what might cause this type of issue?