Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why has my cold-to-frozen export script stopped working?

Lowell
Super Champion
‎08-23-2010 08:57 PM

I just noticed that my coldToFrozenScript stopped working around about 4.1.4 and all my exports have been failing. The export bucket location does contains no data.

I did some followup testing and tried to run exporttool by hand, and I'm seeing the following message for all my buckets:

no events

My script is based on the flatfileExport.sh.example script provided by splunk.

Any ideas?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Lowell
Super Champion
‎08-23-2010 09:12 PM

Check to see if your usage of the exportool utility includes meta::all. If it does, remove it. Splunk has apparently deprecated this command line argument.

In the example of the flatfileExport.sh.example, you should change this line:

exporttool "$1" "${1}/index.export" meta::all

should now be:

exporttool "$1" "${1}/index.export"

I have requested that splunk add this to their release changelog.

View solution in original post

Reply
Solved! Jump to solution
Solution

Lowell
Super Champion
‎08-23-2010 09:12 PM

Check to see if your usage of the exportool utility includes meta::all. If it does, remove it. Splunk has apparently deprecated this command line argument.

In the example of the flatfileExport.sh.example, you should change this line:

exporttool "$1" "${1}/index.export" meta::all

should now be:

exporttool "$1" "${1}/index.export"

I have requested that splunk add this to their release changelog.

Reply
Solved! Jump to solution

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎08-23-2010 11:59 PM

Lowell, sorry about this oversight. We have fixed exporttool to restore backwards compatibility for calling arguments. This will ship in 4.1.5.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...