Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Are there any plans to add compaction of the internal index databases? and one extra related question.

mce128
Explorer
‎09-12-2013 03:06 PM

Hi,

I was just curious to know if adding the ability to compact the index databases is on the product timeline. It would be very nice to be able to compact the indexes of deleted data when neeeded. Albiet, that in a normally running system, it would only be used on a by exception basis as generally one is not actually deleting event records.

However, there are times when this would be a real life saver instead of having to fully remove and index and then re-index all of your files (if you even have them all for the time period.) After all, re-indexing everything with enough data could take days and throw you way over your license limits and thereby get your ability to search, etc locked out.

One other related question: Can you drop in an index from another host with everything intact, so that a particular host can take over that index as well? Or perhaps, process the index from another host into a newly created index?

0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎09-12-2013 04:28 PM

Have you looked at what the Splunk coldToFrozenDir setting does? it will in fact archive Splunk data to a specific path, and those indexes can be rebuilt/thawed at no cost to license, though it will require time and CPU to rebuild. There is really no other compaction necessary or possible, unless you have been using the "delete" command a lot.

Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...