All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to use shuttl to archive frozen data in local FS

alanwill
Explorer
‎12-03-2013 06:44 PM

I'm trying to implement shuttl in our day to day Splunk workflow and in setting it up, it looks like it would shuttl my cold data to the new frozen location, say S3. However I already have many terabytes of frozen data stored locally that I'd like to shuttl to S3, can I still use shuttl for this?

The idea would be to copy the existing local mounted SAN frozen archives to S3, then use the coldToFrozenScript from then on to move directly to S3.

How can I do this? Thanks,
alan

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Petter_Eriksson
Splunk Employee
Splunk Employee
‎12-04-2013 11:25 AM

You could setup Shuttl and call its copy/freeze scripts manually.

Here's how you do it:
1. Install and configure Shuttl.
2. Start Splunk and make sure Shuttl is running by looking at the Shuttl dashboard.
3. call $SPLUNK_HOME/etc/apps/shuttl/bin/warmToColdScript.sh /absolute/path/to/bucket /absolute/path/to/bucket
And your buckets should now be copied.

And yes, I've written "/absolute/path/to/bucket" twice. That's because usually when you use that script, you want to move the bucket from Splunk's warm to cold directory.

Alternative: Use this modified script, placed in Shuttl's bin directory: https://gist.github.com/petterik/7793825
Call it with a single argument of the bucket's absolute path. Installing, configuring and starting Shuttl is still needed.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Petter_Eriksson
Splunk Employee
Splunk Employee
‎12-04-2013 11:25 AM

You could setup Shuttl and call its copy/freeze scripts manually.

Here's how you do it:
1. Install and configure Shuttl.
2. Start Splunk and make sure Shuttl is running by looking at the Shuttl dashboard.
3. call $SPLUNK_HOME/etc/apps/shuttl/bin/warmToColdScript.sh /absolute/path/to/bucket /absolute/path/to/bucket
And your buckets should now be copied.

And yes, I've written "/absolute/path/to/bucket" twice. That's because usually when you use that script, you want to move the bucket from Splunk's warm to cold directory.

Alternative: Use this modified script, placed in Shuttl's bin directory: https://gist.github.com/petterik/7793825
Call it with a single argument of the bucket's absolute path. Installing, configuring and starting Shuttl is still needed.

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...