Solved: differences between warm and cold buckets?

jeff · ‎03-29-2012

In Splunk 4.3 (if it matters), besides it's location, is there any difference between a warm and a cold index bucket? Either in its structure or in how Splunk accesses/searches/processes them?

ChrisG · ‎03-29-2012

Both warm and cold buckets are searchable; the differences are location and age. You configure the thresholds in indexes.conf. See How Splunk stores indexes and Back up indexed data in the documentation for more information.

View solution in original post

ChrisG · ‎03-29-2012

Both warm and cold buckets are searchable; the differences are location and age. You configure the thresholds in indexes.conf. See How Splunk stores indexes and Back up indexed data in the documentation for more information.

jeff · ‎04-09-2012

Accepting this answer, since it more or less answered what I asked. Though, technically the only real difference seems to be location. Splunk rolls warm-to-cold based on age, but there's nothing in the structure of the buckets that would prevent manually moving one to the other, for instance. The real benefit of warm-to-cold would be in the ability to use less-expensive / slower storage for cold buckets which, in theory, would need to be accessed less often.

differences between warm and cold buckets?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!