Hi,
I followed the Splunk guide http://docs.splunk.com/Documentation/Splunk/6.1.11/SearchTutorial/GetthetutorialdataintoSplunk to add data and to do a research; then I did it again with other data. But I can't find them! They are two zip files; when I go to the home page, in the Manage input menu I don't find them! Where are they?
Once you have added the data, Splunk will "index" that data.
Then you need to use Splunk commands to search and view the data you uploaded.
So, just follow this page
http://docs.splunk.com/Documentation/Splunk/6.1.11/SearchTutorial/Aboutthesearchapp
and run a few search commands like -
sourcetype=secure
or, even simply
buttercupgames
Hi, are you really using version 6.1.11? The latest is 6.5.0.
The software does not store the zip files in the way you are imagining. It indexes the data inside the zip files and stores that in a number of files. These files are in directories, organized by age. The directories are called buckets.
See How the indexer stores indexes in the Managing Indexes and Clusters of Indexes manual for complete information.
What is it you are trying to do with the input files? After you have loaded them, they are available for searching, and it sounds as if you were successful with that.
And if I want to delete them?
Thank you!
It's important to know that the delete command does not remove any data from the index or reclaim any disk space. It just makes those events invisible to subsequent searches.
To delete indexed data permanently from disk, you need to use the CLI clean command.
Read Remove indexes and indexed data in the Managing Indexers and Clusters of Indexers manual.
If you want to delete any data from Splunk,
then you can search for it and then use the "delete" command
(you should have permissions to run this delete command. If you are admin, you will probably have the permission)
index=testindex source=/var/log/messages | delete