I'm trying to get an archival datafile into the indexes via oneshot.
Current directory = C:\Program Files\SplunkUniversalForwarder\bin
Full path to source file = C:\Program Files\SplunkUniversalForwarder\bin\recovery\l21\20131213_153013\l21.almlog
Command = splunk add oneshot .\recovery\l21\20131213_153013\l21.almlog -sourcetype ld_alarm_log -index legacy-main -host ewwp0029
Output from command =
Oneshot 'C:\Program Files\SplunkUniversalForwarder\bin\recovery\l21\20131213_153013\l21.almlog' added
Time passes and the data from the file doesn't appear in the indexes.
I'm looking for suggestions on troubleshooting the problem.
TIA
Chris