Hi,
I have requirement where i wants to re-index file data for specific sourcetype or source ?
Is it possible to do in splunk ?
For cleaning and re-indexing refer this link
http://answers.splunk.com/answers/1203/why-wont-splunk-re-index-my-data
In this link Yann has given 3 nice options to re-index a file. Just like my earlier comment renaming is one of the options
http://answers.splunk.com/answers/46780/reset-splunkforwarder-to-re-read-file-from-beginning
You want to clean the data and re-index or you just want to re-index?
Or you can use Splunk CLI oneshot to add the data again.
See this http://docs.splunk.com/Documentation/Splunk/6.1.3/Data/MonitorfilesanddirectoriesusingtheCLI
Yes it is possible. Change the filename and try. If filename is your source then change file modification time and try.
