Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Determining which all files are already indexed in a directory which is being monitored by a monitor mode

dishasaxena
Path Finder
‎01-02-2014 10:44 PM

Assuming we are indexing files in a directory which is in a monitor mode, then how to determine how many files are being already indexed and how many are left to be indexed at that particular time. We need to use this in order to remove or move files from that directory which are already indexed for storage consumption purpose.

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

jbsplunk
Splunk Employee
Splunk Employee
‎01-03-2014 09:18 AM

From $SPLUNK_HOME/bin you can run 'splunk _internal call /services/admin/inputstatus/TailingProcessor:FileStatus'. If a file has been read, Splunk will tell you. By the way, there is already a view in the SoS app which provides visualizations around this command's output.

View solution in original post

Reply
Solved! Jump to solution

dishasaxena
Path Finder
‎01-07-2014 08:01 PM

Hi,

These blogs really helped.I used the approach given in first blog. Thanks!!

Regards,
Disha

0 Karma
Reply
Solved! Jump to solution
Solution

jbsplunk
Splunk Employee
Splunk Employee
‎01-03-2014 09:18 AM

From $SPLUNK_HOME/bin you can run 'splunk _internal call /services/admin/inputstatus/TailingProcessor:FileStatus'. If a file has been read, Splunk will tell you. By the way, there is already a view in the SoS app which provides visualizations around this command's output.

Reply
Solved! Jump to solution

dishasaxena
Path Finder
‎01-07-2014 08:02 PM

Thanks for the answer.

Regards,
Disha

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎01-03-2014 07:41 AM

These posts can be useful.
Custom script-
http://blogs.splunk.com/2011/01/02/did-i-miss-christmas-2/

From Splunk internal logs
http://blogs.splunk.com/2012/09/10/tracking-indexing-status-in-splunkd-log-and-metrics-log/

Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...