Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to reindex the same source

vkakani60
Path Finder
‎07-05-2016 01:32 PM

I tried to reindex the following windows directories using "Monitor" from input data.

d:\logs\appx
d:\logs\appy
d:\logs\trac

the above folders contain 3-4 log files.
I gave specific sourcetype for each data input folder.

Splunk indexed "appx" and "trac" folders but not "appy" folder. I am unable to see the events from the search results for appy, but I can see Splunk showed count of appy directory under files & directories. I deleted the datainputs and sourcetype and added appy with different sourcetype and index but still I can't see the events in the search results.

I tried to add crcsalt but I don't have permission to edit the input.conf file.

How can I reindex the appy directory

NOTE: Splunk indexing files under appy individually but not entire appy directory.

0 Karma
Reply

ddrillic
Ultra Champion
‎07-05-2016 05:47 PM

Is it possible for you to run the following on the forwarder ./splunk cmd btool inputs list monitor?

0 Karma
Reply

vkakani60
Path Finder
‎07-05-2016 05:53 PM

I am not fetching data from remote servers to run that forwarder command.

Those directories are on splunk local server. (I mean that "appy" directory is located on D drive and splunk installed on C drive) no other servers connected using universal forwarder..

0 Karma
Reply

vkakani60
Path Finder
‎07-05-2016 05:55 PM

I can index the individual file under that appy directory but not entire appy directory. Wondering why its not indexing because the logs in appy are similar to other folder logs but different application.

0 Karma
Reply

sundareshr
Legend
‎07-05-2016 04:52 PM

What timerange are you searching? Have you tried alltime?

0 Karma
Reply

vkakani60
Path Finder
‎07-05-2016 04:55 PM

I am searching for "all time" only . Interesting thing is it is indexing individual files but not that directory.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Every security professional knows the drill. The PCI DSS audit is approaching, and suddenly everyone's asking ...

Developer Spotlight with Guilhem Marchand

From Splunk Engineer to Founder: The Journey Behind TrackMe    After spending over 12 years working full time ...

Cisco Catalyst Center Meets Splunk ITSI: From 'Payments Are Down' to Root Cause in ...

The Problem: When Networks and Services Don't Talk Payment systems fail at a retail location. Customers are ...