Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Index Rotation & Backup Calculator

ruiaires
Path Finder
‎03-03-2011 01:00 PM

Hi all,

I've developed an Index Calculator Excel (in Google Spreadsheet) to help manage a multiple Index system with several log rotation policies and calculate stuff like maxWarmDBCount, frozenTimePeriodInSecs and maxTotalDataSizeMB.

This calculator allows allocating space individually for each index, input the current daily usage and estimate when (number of days) the space will run out. A Required Date Span for warm buckets can also be defined to suggest a maxWarmCount setting.

It manages 2 separate storages, one for Hot+Warm and other for Cold buckets.

I think this might be useful to share here or in the Splunk Wiki...

My question is: do you think this tool is accurate and can be usefull for others to use ?

Any comments are appreciated 😉

You can see and copy the document in here: http://goo.gl/SQQiY

Thanks

0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎03-05-2011 12:32 AM

This seems like a good idea (I haven't looked at it) but note that 4.2 is coming out soon and it will have several additional index parameters for setting and controlling indexing sizes, so you may want to take a look at the new docs and spec file to see about updating it.

0 Karma
Reply

MuS
Legend
‎03-03-2011 01:14 PM

Hi ruiaires

At first glace it really looks nice. did you cross check it with the information from here http://www.splunk.com/wiki/Deploy:BucketRotationAndRetention

regards

Reply

ruiaires
Path Finder
‎03-03-2011 01:57 PM

The ideia is to play around with different scenarios, change values and keep them updated as you are monitoring REAL DATA (data usage peaks in the time span of a year are very common on some systems) so there is a need to constantly review the calculations.... a ready to use excel does the trick 😉

0 Karma
Reply

ruiaires
Path Finder
‎03-03-2011 01:57 PM

Yes! I read ALL the documentation, wiki pages and answers in here.

It's all great stuff, but there is never any mention of multi-index calculations, specially when you have to prioritize and define "allocated" space in terms of the criticalness of each index and the "desired/required" timespan of available "warm" data (without going over the available disk!)

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...