I had a folder full of log files I wanted to index real quick in my local instance of Splunk. They won’t persist, so the right thing to do is to use the “oneshot” command (documented here). This can be done in the web UI, but I like doing stuff at the command line. I opened up PowerShell (elevated, as my Splunk instance runs as system) and tried this:
splunk add oneshot *.log
And this was the output:
In handler 'oneshotinput': unable to open file: path='C:\Users\Hal\temp\*.log' error='The filename, directory name, or volume label syntax is incorrect.'
It didn’t work! Ok, so my assumption was that Splunk would parse the wildcard and have at it. But no big deal, this is quick to solve with a PowerShell one-liner:
ls | % { splunk add oneshot $_ }
Or, properly expanded out to not use the built-in aliases:
Get-ChildItem | ForEach-Object { splunk add oneshot $_ }
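The one-liner above submits every item in the folder. As an added example (not code from the original post), here is a version that restores the `*.log` filter, skips directories, passes absolute paths, and reports which files the CLI rejected. The function name `Add-LogFolderOneshot` and its parameters are hypothetical; it assumes `splunk` is on the PATH as in the post and that the CLI exits nonzero when it rejects a file.

```powershell
# Added example; Add-LogFolderOneshot and its parameters are hypothetical names.
function Add-LogFolderOneshot {
    [CmdletBinding()]
    param(
        [string]$Path = '.',
        [string]$Filter = '*.log',
        [string]$Index,        # optional: passed to splunk as -index
        [string]$Sourcetype    # optional: passed to splunk as -sourcetype
    )

    $failed = @()
    # -File skips directories; -Filter does the wildcard matching that the
    # splunk CLI did not do in the failed attempt above.
    $files = Get-ChildItem -Path $Path -Filter $Filter -File
    foreach ($file in $files) {
        # FullName is the absolute path, so the call does not depend on the
        # current directory.
        $cliArgs = @('add', 'oneshot', $file.FullName)
        if ($Index)      { $cliArgs += @('-index', $Index) }
        if ($Sourcetype) { $cliArgs += @('-sourcetype', $Sourcetype) }

        & splunk @cliArgs
        # Assumption: the CLI exits nonzero when the oneshot input is rejected.
        if ($LASTEXITCODE -ne 0) { $failed += $file.FullName }
    }

    # Summary object so a failed file is not lost in the scrolling output.
    [pscustomobject]@{
        Submitted = @($files).Count - $failed.Count
        Failed    = $failed
    }
}

# Example call from the folder holding the logs:
Add-LogFolderOneshot -Path . -Filter '*.log'
```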
Hope this helps!
----------------------------------------------------
Thanks!
Hal Rottenberg