Deployment Architecture

Is it doable to set all the indexes in one frozenpath and archive all its data in S3 glacier?

ejmin
Path Finder

Hi splunkers,

Is it possible to have all of the indexes have a one frozen directory path setup in archiving to Amazon S3 glacier? Can anyone of you share their thoughts in storing their data in amazon s3 glacier. It would be nice if  you teach me the architecture or what methods needs to be done in archiving data to S3 glacier. 

Labels (1)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Yes, it is doable, but not necessarily advisable.  I've seen customers do this and then struggle to locate data they wish to thaw.  With all Splunk buckets in a single S3 bucket, they have no idea which buckets belong to which index.  I recommend a different frozen path for each index for that reason.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Yes, it is doable, but not necessarily advisable.  I've seen customers do this and then struggle to locate data they wish to thaw.  With all Splunk buckets in a single S3 bucket, they have no idea which buckets belong to which index.  I recommend a different frozen path for each index for that reason.

---
If this reply helps you, Karma would be appreciated.
0 Karma

ejmin
Path Finder

Ok thanks for your input......

By the way had you ever done archiving to S3 glacier from frozen bucket?

Ill accept it as a solution for my question but Ill appreciate also if you will advise me a method or guide on how to setup this in automatic way like how the splunk forwarder works.

0 Karma

isoutamo
SplunkTrust
SplunkTrust
As I answer your another question it’s doable. Unfortunately I haven’t link to it, but I think that you could find it by google.
r. Ismo
0 Karma

ejmin
Path Finder

Ok thanks @isoutamo  for your inputs.

 

0 Karma
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...