Re: Has anyone used coldToFrozenScript in indexes....

sbhat13 · ‎07-11-2016

We need to do indexer archiving. We have a clustered environment with 4 Search Heads and 4 indexers each. Can anyone suggest if you have ever tried the option of using coldToFrozenScript in the indexes.conf? If yes, let me know what details have to be mentioned there and how can it be used.

Thanks,
Soumya

kpawar_splunk · ‎07-13-2016

You can find information about splunk indexer archiving here : http://docs.splunk.com/Documentation/Splunk/6.4.2/Indexer/Automatearchiving
Indexes.conf settings related to coldToFrozenScript are mentioned here : http://docs.splunk.com/Documentation/Splunk/6.4.2/Admin/Indexesconf

sbhat13 · ‎07-18-2016

I have referred the docs and noticed that the sample script is available for this in the Splunk Enterprise product.But I am not sure of what all parameters need to be added/changed in this script for it to work in our case.We have a linux server hosting splunk in clustered environment.Some simple example would be easier to understand.
cat /opt/splunk/bin/coldToFrozenExample.py

Has anyone used coldToFrozenScript in indexes.conf for archiving in an indexer clustering environment?

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7