For some reason I got a hang or something while I was adding a folder of FTP logs to the Splunk server.
This made the index of older data not work; only new data from a certain date is shown in Splunk.
How do I force Splunk to reindex all data in a folder on a Windows system? Data are stored in C:\log\FTP.
Would it also be possible to say that I would just like to get the last 100 days indexed?
Splunk does extract the date for the logs and everything else works fine.
If the data is not too big and you have an index with only this data, why not simply delete the file input monitor and the index, and start again?
In your inputs.conf you can use the parameter
ignoreOlderThan = 7d
to prevent Splunk from reading files that are too old (that's the file modification date, not the event itself).
FYI, Splunk Universal F. has an internal index where it marks what has been indexed. This information is stored at C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\fishbucket. If you stop Splunk, delete this folder and start again, it'll re-send EVERYTHING to the Splunk Server, like a brand new Splunk UF installation.
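
An added example, not part of the original thread: a PowerShell preview of which files under C:\log\FTP a monitor input with ignoreOlderThan = 100d would read or skip, judged by file modification time as the answer above notes. The parameter names and the stanza shown in the comment are assumptions for illustration.

```powershell
# Added example: preview the effect of ignoreOlderThan before re-adding the input.
# Splunk compares the file's modification time, not the timestamps of the events
# inside it, so an old log that was copied or touched recently still counts as new.
#
# Assumed inputs.conf stanza this preview corresponds to:
#   [monitor://C:\log\FTP]
#   ignoreOlderThan = 100d
param(
    [string]$LogDir = 'C:\log\FTP',   # folder from the question
    [int]$Days = 100                  # window the asker wants indexed
)

if (-not (Test-Path -Path $LogDir -PathType Container)) {
    throw "Log folder not found: $LogDir"
}

$cutoff = (Get-Date).AddDays(-$Days)

# Classify every file by its last write time relative to the cutoff.
$report = Get-ChildItem -Path $LogDir -File -Recurse | ForEach-Object {
    [pscustomobject]@{
        File          = $_.FullName
        LastWriteTime = $_.LastWriteTime
        SizeKB        = [math]::Round($_.Length / 1KB, 1)
        Decision      = if ($_.LastWriteTime -lt $cutoff) { 'skipped' } else { 'read' }
    }
}

# Per-file detail, oldest first, so the boundary around the cutoff is easy to spot.
$report | Sort-Object LastWriteTime | Format-Table -AutoSize

# Totals per decision: file count and volume that would be re-sent.
$report | Group-Object Decision | ForEach-Object {
    [pscustomobject]@{
        Decision = $_.Name
        Files    = $_.Count
        TotalMB  = [math]::Round(($_.Group | Measure-Object SizeKB -Sum).Sum / 1024, 1)
    }
} | Format-Table -AutoSize
```

Files listed as 'read' whose names suggest an older date have had their modification time changed, and they will be indexed despite the 100-day setting.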