Hi,
I recently had to re-install the OS of the machine where Splunk Enterprise is hosted. I backed up my Splunk server, which included the index files. When the restore was done, everything was restored except the index files. On starting the server, this caused all the indexes to be newly created, but now only containing recent data.
Now I somehow need to merge the data from the backed up index to an index of the same name on the server.
I've tried renaming the backed up index, stopping Splunk, copying it to the index folder and restarting Splunk. Splunk however does not recognise the new index and hence I can't query it.
Any ideas?
Thanks