What would be the best practice / standard operating procedure when data is imported wrong into Splunk? I imported a webserver server error logs into splunk and did not select the correct date / time.
See this thread - https://answers.splunk.com/answers/771988/time-column-and-event-date-are-different.html
Now that the data has been imported, and I know it is wrong, should the data be removed? I am not even sure how to remove data from splunk?
Or, rename the server error log, reupload, and search only the new error log name?
This is a windows 10 system using free Splunk.
↧