Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- How do I emulate a tcp stream to test data ingesti...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I have a stream of call data records in xml form coming into splunk and i would like to add some ingestion-time transformations to it. However I have broken the input at least twice, so I need a debugging setup.
I ran a packet capture to get about three minutes worth of the stream (500 or so megabytes) and stripped out the xml data into a raw text file. I am going to "ingest" this file into a test server.
How do I dump the contents of an index so i can re-import the same data over and over again to test my transforms?
--jason
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @jason0
Take a look at this existing community answers. In summary, you need to clean the index, and reset the fishbucket pointer for the input you are testing.
Do this in a test environment. There is no undo for these steps.
https://community.splunk.com/t5/Getting-Data-In/btprobe-and-re-indexing-data/m-p/108265
https://community.splunk.com/t5/Splunk-Search/Re-indexing-multiple-files-using-btprobe/td-p/298672
Hope this helps.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @jason0
Take a look at this existing community answers. In summary, you need to clean the index, and reset the fishbucket pointer for the input you are testing.
Do this in a test environment. There is no undo for these steps.
https://community.splunk.com/t5/Getting-Data-In/btprobe-and-re-indexing-data/m-p/108265
https://community.splunk.com/t5/Splunk-Search/Re-indexing-multiple-files-using-btprobe/td-p/298672
Hope this helps.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Index This | What travels the world but is also stuck in place?
Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data
Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...
