What is the command to reset the fishbucket for one source?
What is the command to reset the fishbucket for one source?
To reset the fishbucket for a single source in Splunk, the appropriate command to use is 'splunk cmd btprobe -d SPLUNK_HOME/var/lib/splunk/fishbucket/splunk_private_db --file <source> --reset'. This command targets the fishbucket specifically for a given source and resets it, without affecting other data sources.
Splunk system admin slides page 141 CLEARLY shows that to reset individually for each source using the below command splunk cmd btprobe -d SPLUNK_HOME/var/lib/splunk/fishbucket/splunk_private_db --file <source> --reset
Answer is C. B is for reset all sources
C: seems to be the best answer, but the --file <argument> is missing before --reset.