Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Where can I find data I added into Splunk?

criferr
New Member
‎11-14-2016 08:56 AM

Hi,
I followed the Splunk guide http://docs.splunk.com/Documentation/Splunk/6.1.11/SearchTutorial/GetthetutorialdataintoSplunk to add data and to do a research; then I did it again with other data. But I can't find them! They are two zip files; when I go to the home page, in the Manage input menu I don't find them! Where are they?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎11-14-2016 09:13 AM

once you added the data, splunk will "index" that data.
then you need to use splunk commands to search and view the data you uploaded.

so, just follow this page
http://docs.splunk.com/Documentation/Splunk/6.1.11/SearchTutorial/Aboutthesearchapp
and run few search commands like -
sourcetype=secure
or, even simply
buttercupgames

View solution in original post

0 Karma
Reply
Solved! Jump to solution

ChrisG
Splunk Employee
Splunk Employee
‎11-14-2016 09:16 AM

Hi, are you really using version 6.1.11? The latest is 6.5.0.

The software does not store the zip files in the way you are imagining. It indexes the data inside the zip files and stores that in a number of files. These files are in directories, organized by age. The directories are called buckets.

See How the indexer stores indexes in the Managing Indexes and Clusters of Indexes manual for complete information.

What is it you are trying to do with the input files? After you have loaded them, they are available for searching, and it sounds as if you were successful with that.

0 Karma
Reply
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎11-14-2016 09:13 AM

once you added the data, splunk will "index" that data.
then you need to use splunk commands to search and view the data you uploaded.

so, just follow this page
http://docs.splunk.com/Documentation/Splunk/6.1.11/SearchTutorial/Aboutthesearchapp
and run few search commands like -
sourcetype=secure
or, even simply
buttercupgames

0 Karma
Reply
Solved! Jump to solution

criferr
New Member
‎11-17-2016 01:19 AM

And if I want to delete them?

0 Karma
Reply
Solved! Jump to solution

criferr
New Member
‎11-17-2016 02:07 AM

Thank you!

0 Karma
Reply
Solved! Jump to solution

ChrisG
Splunk Employee
Splunk Employee
‎11-17-2016 08:45 AM

It's important to know that the delete command does not remove any data from the index or reclaim any disk space. It just makes those events invisible to subsequent searches.

To delete indexed data permanently from disk, you need to use the CLI clean command.

Read Remove indexes and indexed data in the Managing Indexers and Clusters of Indexers manual.

0 Karma
Reply
Solved! Jump to solution

inventsekar
SplunkTrust
SplunkTrust
‎11-17-2016 01:32 AM

if you want to delete any data from splunk,
then you can search it and then use the "delete" command
(you should have permissions to run this delete command. if you are admin, you will probably have the permission)

index=testindex source=/var/log/messages | delete
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...