- Splunk Operational Intelligence Cookbook
- Josh Diakun Paul R Johnson Derek Mock
- 126字
- 2025-04-04 16:53:01
One-time indexing of data files using the Splunk CLI
Although you can select Upload and Index a file from the Splunk GUI to upload and index a file, there are a couple of CLI functions that can be used to perform one-time bulk loads of data.
Use the oneshot command to tell Splunk where the file is located and which parameters to use, such as the source type:
./splunk add oneshot XXXXXXX
Another way is to place the file you wish to index into the Splunk spool directory, $SPLUNK_HOME/var/spool/splunk, and then add the file using the spool command, as shown in the following code:
./splunk spool XXXXXXX
If using Windows, omit the dot and slash (./) that is in front of the Splunk commands mentioned earlier.