What is the Index process?

prasadjvv522
Explorer

Hi All,

I am new to Splunk, which my organization uses. For the last week, Splunk has been having issues like:

Daily indexing volume limit exceeded today.

License warning issued within past 24 hours (Mon Sep 22 00:00:00 2014 PDT). See License Manager for details.

Daily indexing volume limit exceeded. See License Manager for details.
I searched some log files, and in them the volume was exceeded.

My Question is

How is the indexing done, which data should be indexed, and where can I find the indexed data and the procedure?

Please help me.

Thanks,
Prasad


Ayn
Legend

Indexing is the process of storing all the data that goes into Splunk and making it searchable. This is the core of what Splunk does. I don't entirely understand the rest of your question - I guess you're not after getting detailed information on what Splunk DOES when it indexes data. Which data you should be indexing is entirely up to you.

prasadjvv522
Explorer

Is there any specific config file for index directories?
I found only index files in "/opt/splunk/var/lib/splunk/defaultdb/db".
Some files are over-indexed (more than 2GB)...
I need to find which directories are being over-indexed.

Thanks


Ayn
Legend

With all due respect, it seems you first of all need to take a course on how to operate Splunk. You can see what data inputs are configured in Settings -> Data inputs. License violations are generated because more data has been indexed than the license allows. This does NOT go away if you try to delete data. What you need to do is figure out which source(s) are sending excessive amounts of data and do something about it. This can be done, for instance, in the "License usage" view, available from the "Licensing" view in Settings.
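Added example, not part of the original thread and not Splunk's own code: the per-source breakdown described in the answer above, computed offline from one day of `type=Usage` events in the license master's `license_usage.log`. The thread does not name that file, so its use here is an assumption, and the sample lines and all values in them are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the style of license_usage.log; every value is made up.
SAMPLE_LOG = """\
09-22-2014 09:00:00.000 -0700 INFO  LicenseUsage - type=Usage s="/var/log/app/debug.log" st="app_debug" h="web01" o="" idx="main" i="EXAMPLE-GUID" pool="example_pool" b=300000000 poolsz=524288000
09-22-2014 09:01:00.000 -0700 INFO  LicenseUsage - type=Usage s="/var/log/messages" st="syslog" h="web01" o="" idx="main" i="EXAMPLE-GUID" pool="example_pool" b=40000000 poolsz=524288000
09-22-2014 15:00:00.000 -0700 INFO  LicenseUsage - type=Usage s="/var/log/app/debug.log" st="app_debug" h="web02" o="" idx="main" i="EXAMPLE-GUID" pool="example_pool" b=250000000 poolsz=524288000
09-22-2014 15:01:00.000 -0700 INFO  LicenseUsage - type=Usage s="/var/log/my app/access.log" st="access" h="web02" o="" idx="main" i="EXAMPLE-GUID" pool="example_pool" b=10000000 poolsz=524288000
09-23-2014 00:00:00.000 -0700 INFO  LicenseUsage - type=RolloverSummary pool="example_pool" b=600000000 poolsz=524288000
"""

# key=value pairs; quoted values may contain spaces (for example paths).
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_usage(text):
    """Return the type=Usage events as dicts; summary and malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        f = {k: v.strip('"') for k, v in KV.findall(line)}
        if f.get("type") == "Usage" and f.get("b", "").isdigit():
            events.append(f)
    return events

def usage_by(text, key="s"):
    """Indexed bytes per value of key (s=source, st=sourcetype, h=host, idx=index), largest first."""
    totals = defaultdict(int)
    for f in parse_usage(text):
        totals[f.get(key, "")] += int(f["b"])
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

def quota_report(text):
    """Compare one day's indexed volume with the pool size reported in the log."""
    events = parse_usage(text)
    total = sum(int(f["b"]) for f in events)
    sizes = [int(f["poolsz"]) for f in events if f.get("poolsz", "").isdigit()]
    quota = max(sizes) if sizes else None
    return {"total": total, "quota": quota, "exceeded": quota is not None and total > quota}

if __name__ == "__main__":
    report = quota_report(SAMPLE_LOG)
    print(report)
    for source, nbytes in usage_by(SAMPLE_LOG):
        print(f"{nbytes / report['total']:6.1%}  {nbytes:>12}  {source}")
```

Feed it the lines for a single day, since the daily limit is evaluated per day; passing `key="h"` or `key="st"` to `usage_by` gives the same breakdown by host or sourcetype.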

piebob
Splunk Employee

Here is some information in the documentation about licensing and license violations:
http://docs.splunk.com/Documentation/Splunk/6.1.3/Admin/HowSplunklicensingworks

Here is some information about how to get data into Splunk: http://docs.splunk.com/Documentation/Splunk/latest/Data/WhatSplunkcanmonitor


prasadjvv522
Explorer

Thanks for your quick response, Ayn.

How do I find which directories it is configured to index?
