Hi community,
I've configured Splunk Stream to ingest NetFlow data (stream collector and Splunk indexer running on the same box), and it's actually working. But exactly every 2 hours, there is a 10-minute gap of data. Packet captures show normal traffic during that gap, so it looks like Splunk is not indexing that data.
Any idea of what could be the reason?
Thanks!
When using the Splunk Stream app, why does Splunk suddenly stop indexing NetFlow data every 2 hours?