Hey Guys,
Using Strava for Splunk App v2.5.1 .. successfully installed and configured. Created a data input and Strava activities were being ingested into my index (dedicated index called strava). All was well with the world. But then I was having some weird issues and decided to start from scratch.
I deleted the TA and index and started again with a cleanly restarted splunk instance, free of any Strava for Splunk App config. This is what I did:
splunk stop
splunk clean eventdata -index strava
rm -rf /opt/splunk/etc/apps/TA-strava-for-splunk
rm -rf /opt/splunk/var/lib/splunk/strava.dat
rm -rf /opt/splunk/var/lib/splunk/modinputs/strava_api
rm -rf /opt/splunk/var/lib/splunk/strava
rm -rf /opt/splunk/etc/users/admin/TA-strava-for-splunk
rm -rf /opt/splunk/etc/users/splunkadm/TA-strava-for-splunk
( cd /opt/splunk/etc/apps; tar xvzf ~splunkadm/Downloads/strava-for-splunk_251.tgz )
splunk start
Reconfigured the Strava TA, including the data input and the log shows a successfull connection to Strava; it checks to see if any new activities (at this point I have nothing in the strava index) and then nothing .. the log says "All done, looks like we've got all activities for XXX". Nothing appears in my clean empty strava index.
Using DEBUG mode I see its asking Strava for anything new since the last activity (epoch time of the last event). So, somewhere in my system it has cached/remembered what the last activity was and now it wont ingest any activities.
How do I reset that???
