Splunk Pointer
The Splunk app uses an incrementing pointer to establish an ongoing vulnerability stream. This is the same approach described in the chapter Establish a Steady Vulnerability Stream of our API documentation.
Changing Pointer Position
Under certain circumstances you might want to change the pointer. To prevent unwanted data inconsistencies, the pointer cannot be reset within the settings of our Splunk app.
⚠️ Important: Manually interfering with the pointer might overconsume API credits, cause data inconsistencies, or destroy data that has already been downloaded. Be very certain that you need a pointer change and carry it out with caution. We do not provide any support for the dependencies and impact of manual pointer changes.
⚠️ Warning: If you are going to change a pointer from the past (e.g. 2024-05-20) to the future (e.g. 2024-10-01), you will be missing all entries between these two dates.
You may take the following steps to change the pointer of your Splunk app:
- Go to Settings > Data Inputs > VulDB, then click on Delete under Actions. This will not delete any VulDB entries that are already stored in your Splunk instance.
- Delete the cursor folder located by default at $SPLUNK_HOME/var/lib/splunk/modinputs/VulDB. In case you are using Windows for your Splunk installation or deployed a custom directory structure, adapt the path accordingly.
- Go to Settings > Data Inputs > VulDB and click the green button labeled New.
- Here you may define a new date for your pointer. This defines how far from the past recent entries should be fetched. Enter the desired date in the field Fetch data since with the format YYYY-MM-DD (other date formats are not supported). For example, 2024-12-01 for the 1st of December 2024.
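A pre-flight check for the steps above, as an added example that is not part of the VulDB app or its documentation: it validates the Fetch data since date, reports which direction the pointer moves, and moves the cursor folder aside instead of deleting it. The function names, the backup directory argument and the /opt/splunk fallback are assumptions of this example.

```shell
#!/bin/sh
# Added example, not VulDB code; function names and the /opt/splunk fallback are assumptions.
CURSOR_DIR="${CURSOR_DIR:-${SPLUNK_HOME:-/opt/splunk}/var/lib/splunk/modinputs/VulDB}"

# Succeed only for a real calendar date written strictly as YYYY-MM-DD.
valid_date() {
    case "$1" in
        [12][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    y=${1%%-*}; rest=${1#*-}; m=${rest%%-*}; d=${rest#*-}
    m=${m#0}; d=${d#0}          # strip one leading zero so the shell does not read octal
    { [ "$m" -ge 1 ] && [ "$m" -le 12 ]; } || return 1
    case "$m" in
        4|6|9|11) max=30 ;;
        2) max=28
           [ $((y % 4)) -eq 0 ] && { [ $((y % 100)) -ne 0 ] || [ $((y % 400)) -eq 0 ]; } && max=29 ;;
        *) max=31 ;;
    esac
    [ "$d" -ge 1 ] && [ "$d" -le "$max" ]
}

# Print how the pointer moves from old date $1 to new date $2.
#   forward  : entries between the two dates will be missing (see the warning above)
#   backward : the fetch window grows; the API credit and consistency warning applies
# YYYY-MM-DD sorts chronologically, so a plain byte-wise sort orders the dates.
pointer_change_effect() {
    { valid_date "$1" && valid_date "$2"; } || { echo invalid; return 1; }
    if [ "$1" = "$2" ]; then
        echo same
    elif [ "$(printf '%s\n%s\n' "$1" "$2" | LC_ALL=C sort | head -n 1)" = "$1" ]; then
        echo forward
    else
        echo backward
    fi
}

# Step 2 as a move instead of a delete: cursor folder $1 goes into existing directory $2.
retire_cursor_dir() {
    [ -d "$1" ] || { echo "no cursor folder at $1" >&2; return 1; }
    [ -d "$2" ] || { echo "backup directory $2 does not exist" >&2; return 1; }
    backup="$2/VulDB-cursor.$(date +%Y%m%d%H%M%S)"
    mv -- "$1" "$backup" && echo "$backup"
}

# The dates from the warning above print "forward". Step 2 would then be:
#   retire_cursor_dir "$CURSOR_DIR" /some/existing/backup/dir
pointer_change_effect 2024-05-20 2024-10-01
```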
Updated: 19.07.2024 by VulDB Documentation Team