Deployment Architecture

Manual rollover

sdaa
Explorer

It's possible from 4.1.5 to roll over indexes manually with ./splunk _internal call /data/indexes/<index_name>/roll-hot-buckets –auth <admin_username>:<admin_password>

So it would be possible to add this as a cron job for this to appear on a weekly basis. But then you need to add a user with admin role and the password for this user in clear.

It would be nice to let splunk itself run this command from a saved search, or as an internal command. There is already an internal cron running for splunk, creating reports and searches.

Does such feature exist or on the roadmap?

gkanapathy
Splunk Employee
Splunk Employee

In general it would be desirable to do this. You can in fact create a custom search command that is passed a login token: http://answers.splunk.com/questions/6707/splunk-admin-credentials-in-scripted-input and schedule that from within Splunk.

However, to your particular point, why are you doing this? Is it for backup purposes? It's generally a bad idea to roll indexes before they're ready, as it can cause long-term degradation in search performance over the data. If you're concerned about hot buckets remaining open for too long without being backed up or closed, it would be better to set the maxHotIdleSecs to something like 86400 (1 day).

sdaa
Explorer

The purpose for my question is for backup purposes yes. I would like to have a predictable roll-over of hot buckets so I know that data in the hot buckets is no older than 7 days, as an example. The maxHotIdleSecs seems only to be working when the maxHotBuckets has been exceeded. Ie this is not predictable.

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...