Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to reindex the same source

vkakani60
Path Finder
‎07-05-2016 01:32 PM

I tried to reindex the following windows directories using "Monitor" from input data.

d:\logs\appx
d:\logs\appy
d:\logs\trac

the above folders contain 3-4 log files.
I gave specific sourcetype for each data input folder.

Splunk indexed "appx" and "trac" folders but not "appy" folder. I am unable to see the events from the search results for appy, but I can see Splunk showed count of appy directory under files & directories. I deleted the datainputs and sourcetype and added appy with different sourcetype and index but still I can't see the events in the search results.

I tried to add crcsalt but I don't have permission to edit the input.conf file.

How can I reindex the appy directory

NOTE: Splunk indexing files under appy individually but not entire appy directory.

0 Karma
Reply

ddrillic
Ultra Champion
‎07-05-2016 05:47 PM

Is it possible for you to run the following on the forwarder ./splunk cmd btool inputs list monitor?

0 Karma
Reply

vkakani60
Path Finder
‎07-05-2016 05:53 PM

I am not fetching data from remote servers to run that forwarder command.

Those directories are on splunk local server. (I mean that "appy" directory is located on D drive and splunk installed on C drive) no other servers connected using universal forwarder..

0 Karma
Reply

vkakani60
Path Finder
‎07-05-2016 05:55 PM

I can index the individual file under that appy directory but not entire appy directory. Wondering why its not indexing because the logs in appy are similar to other folder logs but different application.

0 Karma
Reply

sundareshr
Legend
‎07-05-2016 04:52 PM

What timerange are you searching? Have you tried alltime?

0 Karma
Reply

vkakani60
Path Finder
‎07-05-2016 04:55 PM

I am searching for "all time" only . Interesting thing is it is indexing individual files but not that directory.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...

Customer success is front and center at .conf25

Hi Splunkers, If you are not able to be at .conf25 in person, you can still learn about all the latest news ...

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...