Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Sample File - Reindex

tb5821
Communicator
‎02-10-2018 04:49 PM

I have a file that I've been playing around with - now I've come to the point where I want to reindex the entire file but can't seem to figure out how to do so - I've used the sourceType... | delete command which deletes some data but doesn't actually let splunk reindex - even if I re-add the file as a monitor it'll only add new events!

Help.

0 Karma
Reply

micahkemp
Champion
‎02-10-2018 05:02 PM

Consult this previous answers post for guidance.

0 Karma
Reply

tb5821
Communicator
‎02-10-2018 05:04 PM

Looking at this option,

manually reindex each file with the
oneshot option, you also can edit the
log file and add a comment on the
first line that will force the file to
detected as a new file.

./splunk add oneshot
"/path/to/my/file.log" -sourcetype
mysourcetype

but is that run from the splunk web search box or from the server or?

0 Karma
Reply

493669
Super Champion
‎02-10-2018 06:21 PM

it will run on CLI (server)

0 Karma
Reply
Get Updates on the Splunk Community!