All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Single Index (Historic Data) & Splunk Apps

gdavid
Path Finder
‎03-11-2013 04:26 PM

I have a single index that has just been collecting data for months now. I want to use some splunk apps now (citrix / active directory / cisco) . How can i accomplish this?

is the best plan of attack to export the data into the new databases? (how do i do that?)

thanks in advance

gd

Tags (3)
0 Karma
Reply

gdavid
Path Finder
‎04-19-2013 10:18 AM

My end goal was to reindex the data for cisco security app.

i ended up running a query for my cisco hosts.
i export to raw

then imported using
splunk.exe add oneshot d:\gdtest.raw -host myHostIP -rename-source udp:514

0 Karma
Reply

vincesesto
Communicator
‎03-11-2013 10:36 PM

Not sure what the easy way to resolve this issue would be, but I would guess you could either, change the app to point to your old data as well as your new data or use the collect command to move the data into the newly created app index

eg:

index=oldindex | collect index=newindex

The information you search for will then be piped into the index you need

http://docs.splunk.com/Documentation/Splunk/latest/searchreference/collect

Not sure if there is a better resolution to this

0 Karma
Reply

gdavid
Path Finder
‎03-11-2013 07:28 PM

sorry i'm new to splunk and its terminology.

i have an existing splunk instance with a single index that has all my data.
i have a new separate installation with 2 indexers and 1 search head.

i've installed the citrix xendesktop/xenapp apps and i noticed how it auto created specific indexes. I just assumed that in order to use the different apps the data had to be in the specific indexes.

0 Karma
Reply

vincesesto
Communicator
‎03-11-2013 04:41 PM

Hey gd,
I am not sure what you mean by exporting the data into new databases...With regards to using the splunk app, have you installed them yet and if so, is there no data displaying(Is this the issue you are facing?)
Regards, Vince

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

AI is one of the biggest topics in the market today, and for security teams, its value goes far beyond the ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...