Are you a member of the Splunk Community?
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Re: what is the Index process ?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi All,
I am new to splunk, in my organization having splunk.last one week onwards splunk having issues like
Daily indexing volume limit exceeded today.
License warning issued within past 24 hours (Mon Sep 22 00:00:00 2014 PDT). See License Manager for details.
Daily indexing volume limit exceeded. See License Manager for details.
I am searched some log files, in that volume exceeded.
My Question is
How the indexing is done, and which data should be indexing, where to find the indexed data and pocedure ?
Please help me.
Thanks,
Prasad
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Indexing is the process of storing all the data that goes into Splunk and make it searchable. This is the core of what Splunk does. I don't entirely understand the rest of your question - I guess you're not after getting detailed information on what Splunk DOES when it indexes data. Which data you should be indexing is entirely up to you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Indexing is the process of storing all the data that goes into Splunk and make it searchable. This is the core of what Splunk does. I don't entirely understand the rest of your question - I guess you're not after getting detailed information on what Splunk DOES when it indexes data. Which data you should be indexing is entirely up to you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any specific config file for index directories ?
i found only index files in "/opt/splunk/var/lib/splunk/defaultdb/db"
some files are having over indexing (more then 2GB )...
I need to find the which directories having over indexing ?
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
With all due respect it seems you need to take a course on how to operate Splunk first of all. You can see what data inputs are configured in Settings -> Data inputs. License violations are generated due to that more data has been indexed than what the license allows. This does NOT go away if you try to delete data. What you need to do is figure out which source(s) is sending excessive amounts of data and do something about it. This can be done for instance in the "License usage" view, available from the "Licensing" view in settings.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
here is some information in the documentation about licensing and license violations:
http://docs.splunk.com/Documentation/Splunk/6.1.3/Admin/HowSplunklicensingworks
here is some information about how to get data into Splunk: http://docs.splunk.com/Documentation/Splunk/latest/Data/WhatSplunkcanmonitor
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your quick responce Ayn,
How to find the what directories it is configured to index ?
Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain
Splunk Lantern’s Guide to The Most Popular .conf25 Sessions
Unlock What’s Next: The Splunk Cloud Platform at .conf25
