Splunk Search

What is this Backfilling script??

keshab
Path Finder

What's the difference between daily, fivemin, and all backfilling python script?

What does this script actually do for Web Intelligence app?

Logs get indexed in Splunk - shouldn't the Web Intelligence app show traffic in real time??

0 Karma
1 Solution

joshd
Builder

The backfill_all.py script executes a number of searches to populate the summary indexes with data you have already indexed and not just the new stuff that the web intelligence app will see going forward after installation. The scheduled searches that come with the web intelligence app will only execute against new data and not data thats say a year old.

View solution in original post

ChrisG
Splunk Employee
Splunk Employee

For more info, see the docs: http://docs.splunk.com/Documentation/WebIntel/1.0Beta/User/Backfillingdata. "Once setting up the app is complete, you might need to backfill your historical data to view events older than the last five minutes. The Web Intelligence app include data summarizations for 5 minute, hourly, and daily time ranges."

0 Karma

joshd
Builder

The backfill_all.py script executes a number of searches to populate the summary indexes with data you have already indexed and not just the new stuff that the web intelligence app will see going forward after installation. The scheduled searches that come with the web intelligence app will only execute against new data and not data thats say a year old.

Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...