Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Use btprobe reset to re-index multiple files

MedralaG
Communicator
‎05-27-2017 11:43 AM

I have the following files that are being monitored on a server with a universal forwarder.
/var/log/www1/secure.log
/var/log/www1/access.log
/var/log/www2/secure.log
/var/log/www2/access.log

Is there a way to use wildcards to get btprobe to reset and reindex the content of those files.
Keep in mind that the /var/log/ directory has other subfolders that are being monitored that I don't want to reset those, so purging the fishbucket folder is out of question.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎05-28-2017 09:17 PM

Even if wildcards worked (there's no indication that they do), it would be too risky to use them; just do this from shell in bash:

for file in /var/log/www1/secure.log /var/log/www1/access.log /var/log/www2/secure.log /var/log/www2/access.log
do
    echo resetting $file...
    $SPLUNK_HOME/bin/splunk cmd btprobe -d  $SPLUNK_HOME/var/lib/splunk/fishbucket/splunk_private_db  --file $file --reset
done

View solution in original post

Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎05-28-2017 09:17 PM

Even if wildcards worked (there's no indication that they do), it would be too risky to use them; just do this from shell in bash:

for file in /var/log/www1/secure.log /var/log/www1/access.log /var/log/www2/secure.log /var/log/www2/access.log
do
    echo resetting $file...
    $SPLUNK_HOME/bin/splunk cmd btprobe -d  $SPLUNK_HOME/var/lib/splunk/fishbucket/splunk_private_db  --file $file --reset
done
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...