Good afternoon Splunk team, please could you help us with this?
We have this scenario: Splunk has been constantly logging our 60 events per hour, but starting on November 5th, we are now missing events:
![alt text][1]
We are logging these events through a Universal Forwarder.
This is the log that we are trying to forward. As you can see, there is an event per minute.
![alt text][2]
But, if we search for this log's events in Splunk, we see that there are missing events.
We are afraid that we might be missing a lot of events that could be potential errors happening in production, so this should be treated as a critical issue.
[1]: /storage/temp/173176-splunkdate.png
[2]: /storage/temp/173177-currentlog.png