Splunk Pointer

The Splunk app is using an incrementing pointer to establish an ongoing vulnerability stream. This is the same approach elaborated in chapter Establish a Steady Vulnerability Stream of our API documentation.

Changing Pointer Position

Under certain ciscumstances you might want to change the pointer. Resetting the pointer is not possible within the settings of our Splunk app to prevent unwanted data inconsistencies.

⚠️ Important: Manually interfering with the pointer might overconsume API credits, cause data inconsitencies, or destroy data downloaded already. Be very certain that you need to do a pointer change and execute such with caution. We do not provide any support for dependencies and impact of manual pointer changes.

⚠️ Warning: If you are going to change a pointer from the past (e.g. 2024-05-20) to the future (e.g. 2024-10-01), you will be missing all entries between these two dates.

You may take the following steps to change the pointer of your Splunk app:

  1. Go to Settings > Data Inputs > VulDB, then click on Delete under Actions. This will not delete any VulDB entries that are already stored in your Splunk instance.
  2. Delete the cursor folder located by default at $SPLUNK_HOME/var/lib/splunk/modinputs/VulDB. In case you are using Windows for your Splunk installation or deployed a custom directory structure, adapt the path accordingly.
  3. Go to Settings > Data Inputs > VulDB and click the green button labeled New.
  4. Here you may define a new date for your pointer. This defines how far from the past recent entries should be fetched. Enter the desired date in the field Fetch data since with the format YYYY-MM-DD (other date formats are not supported). For example 2024-12-01 for the 1st of December 2024.
During the next iteration the Splunk app will resume fetching data from this new date.

Mise à jour: 19/07/2024 par VulDB Documentation Team

Want to stay up to date on a daily basis?

Enable the mail alert feature now!