Solved: How can I re-index license-usage.log?

tkwaller_2 · ‎08-20-2018

Hello

Someone prior to me had set the license master to forward logs to the wrong hosts so when I fixed it I have no historical data for license usage.
Whats the best way to fix this?

Thanks for the assistance!

CarsonZa · ‎08-20-2018

one of the following is what i use

modify the first line of the files to reindex, by default splunk checks the first 256 chars of a file to differentiate them. If you had a simple comment on the first line it will reindex it
change the crcSalt, create a new input for a new folder, add all the correct sourcetypes, etc... using a static string that will force a one time reindexing. crcSalt= REINDEXMEPLEASE

https://answers.splunk.com/answers/72562/how-to-reindex-data-from-a-forwarder.html

View solution in original post

CarsonZa · ‎08-20-2018

one of the following is what i use

modify the first line of the files to reindex, by default splunk checks the first 256 chars of a file to differentiate them. If you had a simple comment on the first line it will reindex it
change the crcSalt, create a new input for a new folder, add all the correct sourcetypes, etc... using a static string that will force a one time reindexing. crcSalt= REINDEXMEPLEASE

https://answers.splunk.com/answers/72562/how-to-reindex-data-from-a-forwarder.html

tkwaller_2 · ‎08-20-2018

My only concern was with the data that was already there but it backfilled/reindexed just fine

Thanks again

How can I re-index license-usage.log?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor