Knowledge Management
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

backfill summary index one day at a time

michaelrosello
Path Finder
‎06-29-2018 12:35 AM

I'm trying to back fill my summary index one day at a time because my current savesearch contains a lot of regular expressions and can only run 24 hours of data for it not to be truncated.

For example my data if from 01/01/2018 up to present.

So what I want is when i execute the script it will run for 01/01/2018 data. then after it finishes then will run again for 01/02/2018 data until I reach the date yesterday.

0 Karma
Reply

hallt2
New Member
‎10-22-2018 10:01 AM

You can use the Python API to do so pretty easily. You just have the search with the collect or summaryindex command and use a loop to iterate. http://dev.splunk.com/python

0 Karma
Reply

woodcock
Esteemed Legend
‎06-29-2018 08:38 PM

Your question makes no sense. Create a different populating search that will run every day for Last 24 hours and then run the backfill script over as many days as you like. It will run 1 day at a time, over and over.

0 Karma
Reply

michaelrosello
Path Finder
‎07-01-2018 06:27 PM

What Im trying to do is. put in summary index my data of 01/01/2018 upto 06/30/2018 in one execution. I want to backfill them all in one day.

0 Karma
Reply

woodcock
Esteemed Legend
‎07-01-2018 07:07 PM

And that is exactly what I told you how to do. Create a SI-populating search that covers Last 24 hours or Yesterday and the do backfill as described here, with the python script:

https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managesummaryindexgapsandoverlaps

Reply
Register for .conf25!
Get Updates on the Splunk Community!

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...

From Alert to Resolution: How Splunk Observability Helps SREs Navigate Critical ...

It's 3:17 AM, and your phone buzzes with an urgent alert. Wire transfer processing times have spiked, and ...