Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to force the re-indexing of selective data on a forwarder?

crazyeva
Contributor
‎07-31-2012 03:40 AM

I have done "splunk clean eventdata -index XXX" on indexers
and cleaned "fishbucket" on forwarders
problem occurs when i start splunkd:
indexs which are not cleaned begin to load date the second time, events duplicated
How could i clean a certain index an reload it individually?
Thank you!

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

hexx
Splunk Employee
Splunk Employee
‎07-31-2012 08:17 AM

I would suggest that you try the steps described in this Splunk Answer on your forwarder against the specific files you want to re-index.

View solution in original post

Reply
Solved! Jump to solution
Solution

hexx
Splunk Employee
Splunk Employee
‎07-31-2012 08:17 AM

I would suggest that you try the steps described in this Splunk Answer on your forwarder against the specific files you want to re-index.

Reply
Solved! Jump to solution

hexx
Splunk Employee
Splunk Employee
‎07-31-2012 06:41 PM

You have to invoke btprobe with the following command line syntax:

$SPLUNK_HOME/bin/splunk cmd $SPLUNK_HOME/bin/btprobe

I amended the Splunk Answer referenced to reflect this.

0 Karma
Reply
Solved! Jump to solution

crazyeva
Contributor
‎07-31-2012 06:23 PM

OK Thank you very much!
I saw your amendment
I am staring at that for a long while and doubting does it seem a little different form what i saw one second ago

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...