I'm using splunk enterprise trial version 6.6.1. After downloading a first csv file F1, I successively my searchs; but after dowloading another file F2, It becomes impossible to search and get F1 data.
any explanation ?
could someone help me ?
thanks
It is resolved.
I just restarted my laptop and everything is ok.
Maybe It was because I didn't restarted my laptop since splunk installation.
anyway, thanks for your assistance.
It is resolved.
I just restarted my laptop and everything is ok.
Maybe It was because I didn't restarted my laptop since splunk installation.
anyway, thanks for your assistance.
Thanks for letting us know. Happy splunking!
Please describe, step by step, how you downloaded the information and ingested it into splunk, and how you were searching for it. There are dozens of ways that you could do this.
Did you put it into an index? If so, then the data should not disappear just due to loading more data into the same index (or a different one).
Or did you upload it to a csv file on the host and use | inputcsv F1.csv
or | inputlookup F1.csv
to bring in the records? If you were uploading it into a csv file, then you need to understand the syntax for adding another csv file into the same search.
| inputcsv F1.csv | inputcsv append=t F2.csv
Give us the exact details of how you got the data in the first time, and we may be able to figure out what is missing in your method.
It would help to know how you are searching for F1, but source=F1
should find it.
I've done it : source = F1 and the stats count = 0
I've done it : source = F1 and the stats count = 0
What is your query? Feel free to replace confidential information.