Hello,
I am missing data in my current setup (about 20 to 30%).
1. Instance A is sending data to Instance B on port 514
2. Instance B uses rsyslog to get the data and log it into a file called /var/log/app.log
3. Splunk indexes /var/log/app.log
All the data from Instance A is arriving perfectly well into /var/log/app.log.
However, some events are missing in Splunk.
Would you have any idea about the potential issue please?
Thank you very much in advance