Reveiwing Splunk Data


I am using Splunk 6.3 with 7 endpoints running uberAgent 5.0.1. I can see from a Splunk data capture that 10GB of data has uploaded to the server. However, nothing is displayed on the Machine Performance tab.I can see something on other tabs like Machine Network performance but even then I am not always able to filter the data to get more specific metrics.

I regularly find that if I want to get metrics from a specific date and time it frequently doesn't return any data. For example I want to use the User Sessions tab to get latency metrics from 2nd July between 10pm and 11pm GMT for a specific user and it does not return any data. To filter the data I am using the "Date and Time Range" and the filter field is set to "Session User". For the value I have tried entering variations of *username* *user* etc. but it never returns anything. For reference the user in the example is logging in from another timezone so 10pm in the UK is 5PM there.


Dan Gothard


1 comment

  • Avatar
    Timm Brochhaus Official comment

    This request will be processed further as a support case.

Please sign in to leave a comment.