The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.

Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.

Forums: SplunkAdministration: Export 1 Minute and Import On Another Server

Previous Topic: filter out files from forwarder via _blacklist | Next Topic: Problem to Index Linux Auditd

Posts 1–1 of 1

posted by: mkinner | posts
date: January 25, 2010
permalink

I would like to export 1 minute of data on our production server and then import into a new server used for testing. Running Splunk v3.4.9. Could someone please assist with the correct date and time arguments for the export command. The following command does not work because the starttime and endtime arguments are invalid. What are valid arguments?

splunk export eventdata main -dir /mydir/splunkdata.dat -starttime "01/25/2010:09:00:00" -endtime "01/25/2010:09:00:59"

splunk import eventdata main -dir /mydir/splunkdata.dat

Forums: SplunkAdministration: Export 1 Minute and Import On Another Server

Description:

Permalink:

Splunk.com

Product:

Solutions:

Industries:

Partners:

About_us:

Support:

Services:

Resources:

Download