I am attempting to recover from a hard crash, through no fault of Splunk's. Is it possible to unzip /rawdata/journal.gz and import that raw data back into a new index? I had multiple indexes, so there are are multiple folders with rawdata/journal.gz in them. Just looking to unzip them all into 1 index.
Adam has the good answer here, but to be explicit: you cannot uncompress journal.gz and re-compress it sanely. slices.dat and journal.gz must agree and both must exist.
If you somehow encounter a corruption mid-journal.gz and need to perform partial recovery because it's hugely important data and you have no backups (!!) and are willing to spend many hours on the problem, get in touch directly (username) or via support.
Generally Splunk shouldn't be capable of generating such a problem as we don't modify these files, so any such problem would have to be OS or hardware faults.