Hi Folks,
i have some trouble with importing historical data to splunk.
From the manual:
splunk_app_2.0_for_wsa_guideImporting and Indexing Historical Data
Before You Begin
•Complete configuration tasks listed in Install and Configure Splunk, page 1-4.
•Verify that field extractions are correct. SeeChapter 3, “Field Extractions”.
•Know the folder structure. See Create the Folder Structure for Log Files, page 1-7.
•(Optional) See (Optional) Estimating the Import Time, page 1-7.
Step 1 Copy the historical log files into the folder structure for log files.
Note By default, these logs will be deleted after the data is indexed.
Step 2From a command prompt run the summary script:
Linux: $SPLUNK_HOME/etc/apps/CiscoWSA/bin /summary.sh
Windows: X:\$SPLUNK_HOME\etc\apps\CiscoWSA\bin\summary.vbs
Step 3 Navigate to the Splunk folder and enter the local Splunk administrator credentials when prompted
...
The point is, this file X:\$SPLUNK_HOME\etc\apps\CiscoWSA\bin\summary.vbs
summary.vbs did not exists on the server, i've searched the complete server.
after that, i downloaded the app manually and extracted the tgz / tar file and manually searched every folder.
otherwise, could someone send me the summary.vbs for my version?
Backround informations:
Splunk 5.0.4 Build 172409 (latest) WINDOWS on W2K8 R2
and Splunk for Cisco Ironport Web Security 2.0
Installpath is:
D:\Program Files\Splunk
Installpath Cisco WSA is:
D:\Program Files\Splunk\etc\apps\Splunk_CiscoIronportWebSecurity
could someone confirm?
thanks
Of course we have a licence here....