Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do i re-ingest data from a particular source?

sathiyasun
Explorer
‎11-15-2023 08:51 AM

I had a missing data from a certain date and time range. How would i re-ingest the data into splunk from a UF.

 

Below is the inputs.conf

[monitor:///app/java/servers/app/log/app.log.2023-11-12]
index = app_logs
ignoreOlderThan = 10d
disabled = false
sourcetype = javalogs

Its missing data from Nov-11 00:05 till Nov-12 13:00 so how would i just reinject the data only for that certain data/time period.

It just one log file for a day although we have some events so how would i regest only the missing data for the time period and please let me know the config.

sathiyasun_1-1700066977105.png

 

sathiyasun_0-1700066609304.png

 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎11-15-2023 04:35 PM

A common way to re-ingest data is by using the splunk add oneshot command.  Splunk will re-ingest everything in the file, however, without regard to events that were previously indexed.  To ingest only missing events, I would copy the file and remove the events that you don't want to read in again.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...