Getting Data In
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Where can I find data I added into Splunk?

criferr
New Member
‎11-14-2016 08:56 AM

Hi,
I followed the Splunk guide http://docs.splunk.com/Documentation/Splunk/6.1.11/SearchTutorial/GetthetutorialdataintoSplunk to add data and to do a research; then I did it again with other data. But I can't find them! They are two zip files; when I go to the home page, in the Manage input menu I don't find them! Where are they?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎11-14-2016 09:13 AM

once you added the data, splunk will "index" that data.
then you need to use splunk commands to search and view the data you uploaded.

so, just follow this page
http://docs.splunk.com/Documentation/Splunk/6.1.11/SearchTutorial/Aboutthesearchapp
and run few search commands like -
sourcetype=secure
or, even simply
buttercupgames

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

View solution in original post

0 Karma
Reply
Solved! Jump to solution

ChrisG
Splunk Employee
Splunk Employee
‎11-14-2016 09:16 AM

Hi, are you really using version 6.1.11? The latest is 6.5.0.

The software does not store the zip files in the way you are imagining. It indexes the data inside the zip files and stores that in a number of files. These files are in directories, organized by age. The directories are called buckets.

See How the indexer stores indexes in the Managing Indexes and Clusters of Indexes manual for complete information.

What is it you are trying to do with the input files? After you have loaded them, they are available for searching, and it sounds as if you were successful with that.

0 Karma
Reply
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎11-14-2016 09:13 AM

once you added the data, splunk will "index" that data.
then you need to use splunk commands to search and view the data you uploaded.

so, just follow this page
http://docs.splunk.com/Documentation/Splunk/6.1.11/SearchTutorial/Aboutthesearchapp
and run few search commands like -
sourcetype=secure
or, even simply
buttercupgames

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply
Solved! Jump to solution

criferr
New Member
‎11-17-2016 01:19 AM

And if I want to delete them?

0 Karma
Reply
Solved! Jump to solution

criferr
New Member
‎11-17-2016 02:07 AM

Thank you!

0 Karma
Reply
Solved! Jump to solution

ChrisG
Splunk Employee
Splunk Employee
‎11-17-2016 08:45 AM

It's important to know that the delete command does not remove any data from the index or reclaim any disk space. It just makes those events invisible to subsequent searches.

To delete indexed data permanently from disk, you need to use the CLI clean command.

Read Remove indexes and indexed data in the Managing Indexers and Clusters of Indexers manual.

0 Karma
Reply
Solved! Jump to solution

inventsekar
SplunkTrust
SplunkTrust
‎11-17-2016 01:32 AM

if you want to delete any data from splunk,
then you can search it and then use the "delete" command
(you should have permissions to run this delete command. if you are admin, you will probably have the permission)

index=testindex source=/var/log/messages | delete
thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Brett Adams

In our third Spotlight feature, we're excited to shine a light on Brett—a Splunk consultant, innovative ...

Index This | What can you do to make 55,555 equal 500?

April 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...
li.common.scroll-to.top