https://community.splunk.com/t5/Splunk-Search/How-to-access-Date-Partitioned-files-in-HDFS-dynamically-using/m-p/246285#M189089 <P>Hi sdaruna</P> <P>You should define your virtual index to include subfolders recursively and define the time as part of the file source path. You can then control the data returned in Splunk searches by using the Splunk time picker (2016-01-21)</P> <P>Path to files in HDFS:<BR /> /bla/bla/bla</P> <P>Time capturing regex:<BR /> /bla/bla/bla/\d+</P> <P>Time format:<BR /> yyMMdd</P> <P>The docs for this is here:<BR /> <A href="http://docs.splunk.com/Documentation/Hunk/latest/Hunk/Addavirtualindex">http://docs.splunk.com/Documentation/Hunk/latest/Hunk/Addavirtualindex</A></P> <P>If this is the answer you were looking for, please mark it as Answered. </P> <P>j</P> Tue, 26 Jan 2016 07:10:12 GMT jbjerke_splunk 2016-01-26T07:10:12Z https://community.splunk.com/t5/Splunk-Search/How-to-access-Date-Partitioned-files-in-HDFS-dynamically-using/m-p/246284#M189088 <P>Hi, </P> <P>I have hdfs folders as below. </P> <P>/bla/bla/bla/20160121<BR /> /bla/bla/bla/20160122<BR /> /bla/bla/bla/20160123</P> <P>How to access the data matched in any specific date only for a given query.? lets say, i would like to get data from 20160121 folder only. I do not want to create one virtual index for each folder, coz we gonna have date for all 365 days in a year.</P> Sun, 24 Jan 2016 19:04:45 GMT https://community.splunk.com/t5/Splunk-Search/How-to-access-Date-Partitioned-files-in-HDFS-dynamically-using/m-p/246284#M189088 sdaruna 2016-01-24T19:04:45Z https://community.splunk.com/t5/Splunk-Search/How-to-access-Date-Partitioned-files-in-HDFS-dynamically-using/m-p/246285#M189089 <P>Hi sdaruna</P> <P>You should define your virtual index to include subfolders recursively and define the time as part of the file source path. You can then control the data returned in Splunk searches by using the Splunk time picker (2016-01-21)</P> <P>Path to files in HDFS:<BR /> /bla/bla/bla</P> <P>Time capturing regex:<BR /> /bla/bla/bla/\d+</P> <P>Time format:<BR /> yyMMdd</P> <P>The docs for this is here:<BR /> <A href="http://docs.splunk.com/Documentation/Hunk/latest/Hunk/Addavirtualindex">http://docs.splunk.com/Documentation/Hunk/latest/Hunk/Addavirtualindex</A></P> <P>If this is the answer you were looking for, please mark it as Answered. </P> <P>j</P> Tue, 26 Jan 2016 07:10:12 GMT https://community.splunk.com/t5/Splunk-Search/How-to-access-Date-Partitioned-files-in-HDFS-dynamically-using/m-p/246285#M189089 jbjerke_splunk 2016-01-26T07:10:12Z