Hi
If I have a summary-populating-index search that is scheduled to run daily. Is it possible to index data that is older than a day & goes back about a year through this search?
Thanks for your help.
Ranga
You can use the backfilling tool:
http://www.splunk.com/base/Documentation/latest/Knowledge/Managesummaryindexgapsandoverlaps
The script will run searches over the appropriate time range and will back fill the summary index.
Splunk ships with a script, fill_summary_index.py, that does this for you.
You can use the backfilling tool:
http://www.splunk.com/base/Documentation/latest/Knowledge/Managesummaryindexgapsandoverlaps
The script will run searches over the appropriate time range and will back fill the summary index.