Getting Data In

Indexing process

dimoobraznii
Path Finder

Hi guys!

How can I look at indexing process? Can I see what splunk is indexing file by file. Because it looks like black box, I show source and then search index but don't understand how splunk will index new files.

Tags (1)
0 Karma

tom_frotscher
Builder

Hi,
you have some options. If you want to know which files splunk processes, you can for example take a look at the Trailing processor:

https://localhost:8089/services/admin/inputstatus/TailingProcessor%3AFileStatus

To check the performance of the indexing queues you can use the distributed management console. In the splunk webui go to settings > distributed management console > indexing performance.

To get a better understanding of the indexing process, take a look at the docs. For example here: Link

Greetings

Tom

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...