Solved: How can I re-index license-usage.log?

tkwaller_2 · ‎08-20-2018

Hello

Someone prior to me had set the license master to forward logs to the wrong hosts so when I fixed it I have no historical data for license usage.
Whats the best way to fix this?

Thanks for the assistance!

CarsonZa · ‎08-20-2018

one of the following is what i use

modify the first line of the files to reindex, by default splunk checks the first 256 chars of a file to differentiate them. If you had a simple comment on the first line it will reindex it
change the crcSalt, create a new input for a new folder, add all the correct sourcetypes, etc... using a static string that will force a one time reindexing. crcSalt= REINDEXMEPLEASE

https://answers.splunk.com/answers/72562/how-to-reindex-data-from-a-forwarder.html

View solution in original post

CarsonZa · ‎08-20-2018

one of the following is what i use

modify the first line of the files to reindex, by default splunk checks the first 256 chars of a file to differentiate them. If you had a simple comment on the first line it will reindex it
change the crcSalt, create a new input for a new folder, add all the correct sourcetypes, etc... using a static string that will force a one time reindexing. crcSalt= REINDEXMEPLEASE

https://answers.splunk.com/answers/72562/how-to-reindex-data-from-a-forwarder.html

tkwaller_2 · ‎08-20-2018

My only concern was with the data that was already there but it backfilled/reindexed just fine

Thanks again

How can I re-index license-usage.log?

Improve Your Security Posture

Maximize the Value from Microsoft Defender with Splunk

This Week's Community Digest - Splunk Community Happenings [6.27.22]