https://community.splunk.com/t5/Getting-Data-In/Splunk-on-demand-indexing-of-a-file/m-p/102688#M21554 <P>Possibly, but only if the data to index is located on the Splunk search head (or is reachable via a script on the search head). See <A href="http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Runshellscript">http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Runshellscript</A> . This will run a script on the search head.</P> Tue, 29 Jan 2013 06:25:03 GMT rtadams89 2013-01-29T06:25:03Z https://community.splunk.com/t5/Getting-Data-In/Splunk-on-demand-indexing-of-a-file/m-p/102681#M21547 <P>I currently have a FIX log file which generates HUGE amounts of data every day. With my current license its impossible to index all that data. </P> <P>Is it possible to get parts of the log file on-demand and then index and query them as and when needed? Is it possible to achieve this via a script invoked from a Splunk query?</P> Tue, 29 Jan 2013 04:07:22 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-on-demand-indexing-of-a-file/m-p/102681#M21547 batcave 2013-01-29T04:07:22Z https://community.splunk.com/t5/Getting-Data-In/Splunk-on-demand-indexing-of-a-file/m-p/102682#M21548 <P>Yes, you can use scripted input (<A href="http://docs.splunk.com/Documentation/Splunk/5.0.1/AdvancedDev/ScriptSetup">http://docs.splunk.com/Documentation/Splunk/5.0.1/AdvancedDev/ScriptSetup</A>).</P> Tue, 29 Jan 2013 04:48:04 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-on-demand-indexing-of-a-file/m-p/102682#M21548 rtadams89 2013-01-29T04:48:04Z https://community.splunk.com/t5/Getting-Data-In/Splunk-on-demand-indexing-of-a-file/m-p/102683#M21549 <P>scripted input don't think would fit the case as the script should be invokable via non admin users as well, which I am not sure can be done</P> Tue, 29 Jan 2013 05:52:35 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-on-demand-indexing-of-a-file/m-p/102683#M21549 batcave 2013-01-29T05:52:35Z https://community.splunk.com/t5/Getting-Data-In/Splunk-on-demand-indexing-of-a-file/m-p/102684#M21550 <P>Scripted inputs run under the context of the Splunk user. If that doesn't work for your specific needs, you could create a script that is run via Windows task scheduler (which will let you select the user to run the script as). The script just needs to do what ever parsing of the original log file you want, and then output it to a new file that you can have Splunk monitor/index.</P> Tue, 29 Jan 2013 05:58:35 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-on-demand-indexing-of-a-file/m-p/102684#M21550 rtadams89 2013-01-29T05:58:35Z https://community.splunk.com/t5/Getting-Data-In/Splunk-on-demand-indexing-of-a-file/m-p/102685#M21551 <P>Also, see routing and filtering data, specifically to a null queue: <A href="http://docs.splunk.com/Documentation/Splunk/latest/Deploy/Routeandfilterdatad">http://docs.splunk.com/Documentation/Splunk/latest/Deploy/Routeandfilterdatad</A></P> Tue, 29 Jan 2013 05:59:35 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-on-demand-indexing-of-a-file/m-p/102685#M21551 rtadams89 2013-01-29T05:59:35Z https://community.splunk.com/t5/Getting-Data-In/Splunk-on-demand-indexing-of-a-file/m-p/102686#M21552 <P>or basically any way to directly query data without indexing it in Splunk?</P> Tue, 29 Jan 2013 06:06:56 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-on-demand-indexing-of-a-file/m-p/102686#M21552 batcave 2013-01-29T06:06:56Z https://community.splunk.com/t5/Getting-Data-In/Splunk-on-demand-indexing-of-a-file/m-p/102687#M21553 <P>ok sounds good in terms of permissions but as you mentioned this can be scheduled to run via cron or task scheduler. What I need is to run it on demand anytime and gat her data only from a particular time period(which I think can be done via arguements to the script). Bu thow to invoke the script on demand rather than on a schedule?</P> Tue, 29 Jan 2013 06:15:35 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-on-demand-indexing-of-a-file/m-p/102687#M21553 batcave 2013-01-29T06:15:35Z https://community.splunk.com/t5/Getting-Data-In/Splunk-on-demand-indexing-of-a-file/m-p/102688#M21554 <P>Possibly, but only if the data to index is located on the Splunk search head (or is reachable via a script on the search head). See <A href="http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Runshellscript">http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Runshellscript</A> . This will run a script on the search head.</P> Tue, 29 Jan 2013 06:25:03 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-on-demand-indexing-of-a-file/m-p/102688#M21554 rtadams89 2013-01-29T06:25:03Z https://community.splunk.com/t5/Getting-Data-In/Splunk-on-demand-indexing-of-a-file/m-p/102689#M21555 <P>"Currently, it is not supported by Splunk"-- Not sure whether this command works anymore. any ideas guys?</P> Wed, 06 Feb 2013 06:15:23 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-on-demand-indexing-of-a-file/m-p/102689#M21555 batcave 2013-02-06T06:15:23Z https://community.splunk.com/t5/Getting-Data-In/Splunk-on-demand-indexing-of-a-file/m-p/102690#M21556 <P>I would say no to your question - there might in certain situations be some kind of hack that makes you do this but in essence this is not how Splunk was meant to work.</P> Wed, 06 Feb 2013 09:41:21 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-on-demand-indexing-of-a-file/m-p/102690#M21556 Ayn 2013-02-06T09:41:21Z