Solved: Is it doable to set all the indexes in one frozenp...

ejmin · ‎09-12-2020

Hi splunkers,

Is it possible to have all of the indexes have a one frozen directory path setup in archiving to Amazon S3 glacier? Can anyone of you share their thoughts in storing their data in amazon s3 glacier. It would be nice if you teach me the architecture or what methods needs to be done in archiving data to S3 glacier.

richgalloway · ‎09-12-2020

Yes, it is doable, but not necessarily advisable. I've seen customers do this and then struggle to locate data they wish to thaw. With all Splunk buckets in a single S3 bucket, they have no idea which buckets belong to which index. I recommend a different frozen path for each index for that reason.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎09-12-2020

Yes, it is doable, but not necessarily advisable. I've seen customers do this and then struggle to locate data they wish to thaw. With all Splunk buckets in a single S3 bucket, they have no idea which buckets belong to which index. I recommend a different frozen path for each index for that reason.

---
If this reply helps you, Karma would be appreciated.

ejmin · ‎09-12-2020

Ok thanks for your input......

By the way had you ever done archiving to S3 glacier from frozen bucket?

Ill accept it as a solution for my question but Ill appreciate also if you will advise me a method or guide on how to setup this in automatic way like how the splunk forwarder works.

isoutamo · ‎09-12-2020

As I answer your another question it’s doable. Unfortunately I haven’t link to it, but I think that you could find it by google.
r. Ismo

ejmin · ‎09-12-2020

Ok thanks @isoutamo for your inputs.

Is it doable to set all the indexes in one frozenpath and archive all its data in S3 glacier?

indexer

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?