×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
mrlong67
New Member
Member since: ‎11-07-2017
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎11-07-2017
View All

Re: How can digital shadows app remember the last ...

by in All Apps and Add-ons
‎06-08-2018 06:51 AM
‎06-08-2018 06:51 AM
Having had an email back from the engineer, and looking through digital_shadows.py the app tries to delete all the logs in the index created i.e. [delete_existing_pipeline(self): delete_query = 'search source=digital_shadows sourcetype=pipeline | delete'] then pull all the logs in again. This delete cant be done when using a heavy forwarder to pull the logs as it wont be able to access/delete the index. Also, am i right in saying that the delete command doesn't actually delete the data just makes it unsearchable? So storing a huge amount of replicated data. Any ideas what the next move is other than to rewrite the app? ... View more

Re: How can digital shadows app remember the last ...

by in All Apps and Add-ons
‎06-08-2018 01:22 AM
‎06-08-2018 01:22 AM
A ticket has been raised and awaiting a response from an engineer, Thanks ... View more

How can digital shadows app remember the last date...

by in All Apps and Add-ons
‎06-07-2018 11:45 PM
‎06-07-2018 11:45 PM
I have the app installed on a heavy forwarder forwarding to an a clustered index. Every time it pulls the data it pulls all the way back to the date set in inputs.conf. How can the app remember the last time it pulled from? This is creating replicated data and heavily skewed data. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM