Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Deployment Architecture
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Re: Roll buckets that are in "Cannot fix search co...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
alonsocaio
Contributor
07-26-2019
04:41 AM
Is there any way to automatically roll buckets that are in the "Cannot fix search count as the bucket hasn't rolled yet" state? Every time that any of my indexers restarts It causes some buckets to stay in fixing mode because they have not rolled yet.
This is causing some impact my Enterprise Security performance, since some of the correlation searches will not run when I have lots of buckets in fixing mode.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
codebuilder
Influencer
07-26-2019
07:11 AM
You can manually roll all hot buckets from hot to warm at the index level:
splunk _internal call /data/indexes/<index_name>/roll-hot-buckets -auth <admin_username>:<admin_password>
----
An upvote would be appreciated and Accept Solution if it helps!
An upvote would be appreciated and Accept Solution if it helps!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
codebuilder
Influencer
07-26-2019
07:11 AM
You can manually roll all hot buckets from hot to warm at the index level:
splunk _internal call /data/indexes/<index_name>/roll-hot-buckets -auth <admin_username>:<admin_password>
----
An upvote would be appreciated and Accept Solution if it helps!
An upvote would be appreciated and Accept Solution if it helps!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
alonsocaio
Contributor
07-29-2019
05:14 AM
Thanks, I guess that this will help me!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
muizash
Path Finder
11-10-2019
07:39 PM
Where to run this command?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
codebuilder
Influencer
11-11-2019
06:46 AM
On the indexers.
----
An upvote would be appreciated and Accept Solution if it helps!
An upvote would be appreciated and Accept Solution if it helps!
Get Updates on the Splunk Community!
Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco
The Defining Technology Movement of Our Lifetime
The advent of agentic AI is arguably the defining technology ...
Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data
In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...
Your summer travels continue with new course releases
Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...
