I seen several file is shown .tsidx under the C:\Program Files\Splunk folder.
I want to know how to open that file.
Hi,
I'm not sure how to open the files, they are used for Splunk indexing and as such it probably isn't wise to edit the file/archive.
The following Splunk documentation mentions some commands which may be of use... HOWEVER YOU SHOULD TAKE NOTE OF THE WARNING... "Caution: Do not use these commands without consulting Splunk Support first." which is noted at the beginning of the text.
If you are looking to clean event data out of the index you could use the CLI clean command detailed here, again take note... once the event data has been removed you can not restore unless you have the original stored.
Regards,
MHibbin
you can't open the files yourself, but you can use the tsidxprobe tool to have Splunk review them for you. check out:
http://docs.splunk.com/Documentation/Splunk/5.0.3/Troubleshooting/CommandlinetoolsforusewithSupport#...
for more info.
Hi,
I'm not sure how to open the files, they are used for Splunk indexing and as such it probably isn't wise to edit the file/archive.
The following Splunk documentation mentions some commands which may be of use... HOWEVER YOU SHOULD TAKE NOTE OF THE WARNING... "Caution: Do not use these commands without consulting Splunk Support first." which is noted at the beginning of the text.
If you are looking to clean event data out of the index you could use the CLI clean command detailed here, again take note... once the event data has been removed you can not restore unless you have the original stored.
Regards,
MHibbin
If this helped answer you question, can you please mark the answer as accepted.
Thanks MHibbin
Yes, these are Splunk's internal data format. Trying to open/edit them is very unwise.