Solved: How to force the re-indexing of selective data on ...

crazyeva · ‎07-31-2012

I have done "splunk clean eventdata -index XXX" on indexers
and cleaned "fishbucket" on forwarders
problem occurs when i start splunkd:
indexs which are not cleaned begin to load date the second time, events duplicated
How could i clean a certain index an reload it individually?
Thank you!

hexx · ‎07-31-2012

I would suggest that you try the steps described in this Splunk Answer on your forwarder against the specific files you want to re-index.

View solution in original post

hexx · ‎07-31-2012

I would suggest that you try the steps described in this Splunk Answer on your forwarder against the specific files you want to re-index.

hexx · ‎07-31-2012

You have to invoke btprobe with the following command line syntax:

$SPLUNK_HOME/bin/splunk cmd $SPLUNK_HOME/bin/btprobe

I amended the Splunk Answer referenced to reflect this.

crazyeva · ‎07-31-2012

OK Thank you very much!
I saw your amendment
I am staring at that for a long while and doubting does it seem a little different form what i saw one second ago

How to force the re-indexing of selective data on a forwarder?

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Enterprise Security Content Update (ESCU) | New Releases