Deployment Architecture

What is the difference between rb bucket and db bucket?

aalhabbash1
Path Finder

Hi Splunker;

What is the difference between rb_* and db_* under splunk_cold and splunk_hot directory storage? You can see the example below.

rb_1564000917_1563984040_7538_0B51C6C4-28F7-4348-A8F4-51FD8D156178
db_1562576411_1562565181_7654_B0AF5CBE-9B45-46D7-B374-E398083AFE9E

And can I remove the rb bucket or not?

Regards

richgalloway
SplunkTrust

Buckets starting with "rb_" are replicated buckets - copies of buckets from other indexers in the cluster.
Do not delete them. If you do, Splunk will just re-create them.
Don't bother backing them up, either. You'll just waste backup time and storage. Splunk will re-create the rb buckets after the backup is restored.

---
If this reply helps you, Karma would be appreciated.
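
An added example, not part of the thread and not Splunk tooling: a small Python parser that classifies bucket directory names as originating (`db_`) or replicated (`rb_`) and selects only the `db_` ones for a backup list, as the answer advises. The field layout `<prefix>_<newest_epoch>_<oldest_epoch>_<local_id>_<origin_guid>` is assumed from Splunk's documented bucket naming; the function names and the extra sample entries are constructed.

```python
import re

# Assumed layout (Splunk's documented bucket naming):
#   <db|rb>_<newest_epoch>_<oldest_epoch>_<local_id>[_<origin_indexer_guid>]
# The GUID suffix is absent on buckets from a non-clustered indexer.
BUCKET_RE = re.compile(
    r"^(?P<kind>db|rb)_(?P<newest>\d+)_(?P<oldest>\d+)_(?P<local_id>\d+)"
    r"(?:_(?P<guid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}))?$"
)

def parse_bucket(name):
    """Describe a warm/cold bucket directory name, or return None."""
    m = BUCKET_RE.match(name)
    if m is None:
        return None  # hot buckets, temp files, unrelated directories
    newest, oldest = int(m["newest"]), int(m["oldest"])
    if newest < oldest:
        return None  # time range is inverted; treat the name as malformed
    return {
        "name": name,
        "replicated": m["kind"] == "rb",  # rb_ = copy from another indexer
        "newest": newest,
        "oldest": oldest,
        "span_seconds": newest - oldest,
        "local_id": int(m["local_id"]),
        "origin_guid": m["guid"],
    }

def backup_candidates(names):
    """Keep originating (db_) buckets only; rb_ copies are skipped."""
    parsed = (parse_bucket(n) for n in names)
    return [b["name"] for b in parsed if b and not b["replicated"]]

# The two names from the question, plus three constructed entries.
SAMPLE = [
    "rb_1564000917_1563984040_7538_0B51C6C4-28F7-4348-A8F4-51FD8D156178",
    "db_1562576411_1562565181_7654_B0AF5CBE-9B45-46D7-B374-E398083AFE9E",
    "db_1562000000_1561990000_12",   # constructed: non-clustered style
    "hot_v1_42",                     # constructed: hot bucket, ignored
    "db_100_200_5",                  # constructed: inverted time range
]

if __name__ == "__main__":
    for entry in SAMPLE:
        info = parse_bucket(entry)
        label = "skip" if info is None else ("rb" if info["replicated"] else "db")
        print(f"{label:4} {entry}")
    print("back up:", backup_candidates(SAMPLE))
```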