
Splunk Indexes Explained | Indexes.conf | Splunk Buckets | Hot, warm, cold, frozen, thawed




As the indexer indexes your data, it creates a number of files:

The raw data in compressed form (the rawdata journal)
Indexes that point to the raw data (tsidx files)
Some other metadata files

Together, these files constitute the Splunk Enterprise index. The files reside in sets of directories, or buckets, organized by age. Each bucket contains a rawdata journal, along with associated tsidx and metadata files.

A bucket moves through several states as it ages:

hot
warm
cold
frozen
thawed

https://docs.splunk.com/Documentation/Splunk/8.0.1/Indexer/HowSplunkstoresindexes#How_data_ages

To create a new index from the command line:

./splunk add index newindex

The location of the configuration file for non-default indexes:

/opt/splunk/etc/apps/search/local/indexes.conf

Create a new index using indexes.conf file parameters (the settings go under a stanza named after the index):

[newindex]
coldPath = $SPLUNK_DB/newindex/colddb
enableDataIntegrityControl = 0
enableTsidxReduction = 0
homePath = $SPLUNK_DB/newindex/db
maxTotalDataSizeMB = 512000
thawedPath = $SPLUNK_DB/newindex/thaweddb
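
A quick audit of index stanzas like the one above, added here as an example (it is not part of the original tutorial or of Splunk itself). It flags indexes that lack one of the three bucket paths or that leave enableDataIntegrityControl off, and it lets each index inherit settings from a [default] stanza. The [default] stanza, the audit_copy index and the use of Python's configparser to read .conf syntax are assumptions made for the example.

```python
import configparser

REQUIRED_PATHS = ("homePath", "coldPath", "thawedPath")
TRUE_VALUES = {"1", "true", "t", "yes", "y"}

# Constructed sample: the tutorial's [newindex] settings plus a hypothetical
# [default] stanza and a hypothetical second index for contrast.
SAMPLE_CONF = """
[default]
enableDataIntegrityControl = 1

[newindex]
coldPath = $SPLUNK_DB/newindex/colddb
enableDataIntegrityControl = 0
enableTsidxReduction = 0
homePath = $SPLUNK_DB/newindex/db
maxTotalDataSizeMB = 512000
thawedPath = $SPLUNK_DB/newindex/thaweddb

[audit_copy]
homePath = $SPLUNK_DB/audit_copy/db
coldPath = $SPLUNK_DB/audit_copy/colddb
"""

def audit_indexes(conf_text):
    """Return {index name: [findings]} for each index stanza in conf_text."""
    # RawConfigParser leaves $SPLUNK_DB untouched; default_section makes
    # every index stanza inherit whatever is set under [default].
    parser = configparser.RawConfigParser(strict=False, default_section="default")
    parser.optionxform = str  # keep setting names case-sensitive
    parser.read_string(conf_text)
    report = {}
    for index in parser.sections():
        findings = [f"missing {p}" for p in REQUIRED_PATHS
                    if not parser.has_option(index, p)]
        flag = parser.get(index, "enableDataIntegrityControl", fallback="0")
        if flag.strip().lower() not in TRUE_VALUES:
            findings.append("enableDataIntegrityControl is off")
        report[index] = findings
    return report

if __name__ == "__main__":
    for index, findings in audit_indexes(SAMPLE_CONF).items():
        print(index, "->", findings or "ok")
```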

Remove a Splunk index from the command line:
splunk remove index test

Clean the indexed data from a specific index:

splunk stop
splunk clean eventdata -index newindex

Delete indexed events from a search:

index="newindex" sourcetype="xxxx" | delete

Check the authorize.conf file if there is a permission issue when deleting the indexed data:

/opt/splunk/etc/system/local/authorize.conf
deleteIndexesAllowed = *;main;newindex

Attributes for index buckets: https://docs.splunk.com/Documentation/Splunk/8.0.1/Indexer/Configureindexstorage

indexes.conf : https://docs.splunk.com/Documentation/Splunk/latest/Admin/Indexesconf?utm_source=answers&utm_medium=in-answer&utm_term=indexes.conf&utm_campaign=refdoc

