Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I save data when moving from warm to cold buckets?

jananth1
Engager
‎08-04-2015 07:32 AM

Hi,

I want to figure out a way to backup the Splunk data when the index is transferring from a Warm bucket to a cold bucket. Preferably I would like a trigger to back up all the stuff in the warm bucket when it's about to be moved to a cold bucket.

Tags (3)
0 Karma
Reply

somesoni2
Revered Legend
‎08-04-2015 09:47 AM

Any specific reason to save the warm buckets?

0 Karma
Reply

aljohnson_splun
Splunk Employee
Splunk Employee
‎08-04-2015 09:09 AM

The first thought, that comes to mind, is to use rsync on a cron schedule that a little aggressive so you can make sure that you aren't ever missing any buckets.

rsync -a -v --ignore-existing src dst

-a archive mode
-v verbose mode
--ignore-existing skip updating files (since warm buckets are read only anyways)

This will allow you to copy to remote location - rsync will check to see if there are buckets that haven't been copied, and if they aren't, it will copy them.

To be honest though, this is just an idea. I'm sure there are lots of ways to do this.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...