I have a file that I've been playing around with - now I've come to the point where I want to reindex the entire file but can't seem to figure out how to do so - I've used the sourceType... | delete command, which deletes some data but doesn't actually let Splunk reindex - even if I re-add the file as a monitor it'll only add new events!
Looking at this option,
manually reindex each file with the oneshot option, you also can edit the log file and add a comment on the first line that will force the file to be detected as a new file.
./splunk add oneshot
but is that run from the Splunk web search box or from the server or?