Hello,
I forgot to have an index ready when I started to ingest data (log file with data from last week to present) from a Universal Forwarder to my indexer. I saw the message warning me of this, so I created the index and the only data that is appearing in the new index and verified via searching is the data from today. The data is timestamped with date/time after I created the index and it is producing the interesting fields and line breaking correctly with good timestamps.
The data from the previous days isn't coming through.
So the question is; How can I fix this for this index only?
Many thanks.
↧