Hi guys,
I am trying to import data from an index provided by the instructor of a Splunk training course.
Follow the steps below:
To Import Course Example Data:
Navigate to Settings—>Indexes—>New Index
Create a new index with the desired name
Save the new index
Use file transfer program to transfer the four folders into new index folder within the Splunk OS
*Nix: /opt/splunk/var/lib/splunk/INDEX_NAME
Search imported data by searching just this index
The file mentioned above has the four folders: colddb, datamodel_summary, db and thaweddb.
After copying all the above files, skipping copying the .bucketManifest and CreationTime files.
The next step I did was restart no splunk.
This procedure did not work. The current size of my index was 0B.
That is, it seems that my Splunk Enterprise (Indexer) did not recognize the index data copied and provided by the instructor.
What can it be?
... View more