Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Re-send data with universal forwarder?

kevintelford
Path Finder
‎04-06-2011 08:31 PM

When using a lightweight-forwarder we were able to clean the fishbucket (eventdata) so that we could re-forward data. Trying this on the new universal forwarder yields the message "ERROR: Cleaning eventdata is not supported on this version." Is there a new way to do this?

Thanks, Kevin

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

amrit
Splunk Employee
Splunk Employee
‎04-07-2011 02:34 AM

There is currently no command that will clean only the fishbucket (this is a bug, lack of foresight, something). You should file an ER for this, but in the meantime you can just wipe the contents of $SPLUNK_DB/var/lib/splunk/fishbucket/ .

View solution in original post

Reply
Solved! Jump to solution

cervelli
Splunk Employee
Splunk Employee
‎07-20-2011 11:27 AM

The clean all command works for removing the fishbucket on a UF. Is there a reason you can't issue that command?

Reply
Solved! Jump to solution

gkanapathy
Splunk Employee
Splunk Employee
‎08-28-2012 04:49 PM

cervelli said clean all. not clean eventdata.

0 Karma
Reply
Solved! Jump to solution

ferenc0521
New Member
‎05-24-2018 02:21 PM

clean all removed all user data, including admin. I cannot add admin back, because it requires authorization.
catch 22

0 Karma
Reply
Solved! Jump to solution

ferenc0521
New Member
‎05-24-2018 02:50 PM

so tried clean all, but didn't see the files/events resent, moreover the admin user is gone, so
can't check with:
https://:8089/services/admin/inputstatus/TailingProcessor:FileStatus
because no auth with admin is possible.

I guess reinstall/config is next step

0 Karma
Reply
Solved! Jump to solution

tonopahtaos
Path Finder
‎08-02-2012 02:32 PM

Here is why:

C:\Program Files\SplunkUniversalForwarder\bin>splunk clean eventdata
This action will permanently erase all events from ALL indexes; it cannot be und
one.
Are you sure you want to continue [y/n]? y
ERROR: Cleaning eventdata is not supported on this version.

Reply
Solved! Jump to solution

gkanapathy
Splunk Employee
Splunk Employee
‎07-20-2011 01:19 PM

I don't know his problem, but I guess this would wipe/reset the user/password data, wouldn't it?

Reply
Solved! Jump to solution
Solution

amrit
Splunk Employee
Splunk Employee
‎04-07-2011 02:34 AM

There is currently no command that will clean only the fishbucket (this is a bug, lack of foresight, something). You should file an ER for this, but in the meantime you can just wipe the contents of $SPLUNK_DB/var/lib/splunk/fishbucket/ .

Reply
Solved! Jump to solution

tonopahtaos
Path Finder
‎08-02-2012 02:17 PM

This did not work for me. When UF was running, i got a error when I wiped out the content of 'fishbucket'. I have to stop UF first, then remove all under 'fishbucket'. After restarting UF, i did not see any admon or Windows audit event resent.

0 Karma
Reply
Solved! Jump to solution

amrit
Splunk Employee
Splunk Employee
‎04-08-2011 05:16 PM

You want a cookie?

Reply
Solved! Jump to solution

kevin_telford
New Member
‎07-15-2015 11:41 AM

Four plus years and still no cookie. Hopefully you don't treat all the ladies this way.

0 Karma
Reply
Solved! Jump to solution

kevintelford
Path Finder
‎04-07-2011 03:51 PM

Submitted: Case # 57213

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...