Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Data Retention - can we copy frozendb to tape?

scott778
Explorer
‎10-28-2015 12:19 PM

Is it possible to archive frozendbs to tape and pull that data back for splunk to read at a later date?

For example, I'd like to do something like this.

All data has to be retained for 3 years.

Warm / Hot Dbs = 3 months
frozendb = 1 year
Frozendb is backed up to tape once per year.

0 Karma
Reply

the_wolverine
Champion
‎10-28-2015 01:07 PM

You can copy frozendb to any location that you like. Just make sure you can pull the data out of it when you need it.

Reply

scott778
Explorer
‎10-28-2015 02:17 PM

How could we restore that data? If we had to pull a tape back from 2 years ago could I point a new index at the frozendb folder from 2 years ago and run queries?

0 Karma
Reply

the_wolverine
Champion
‎10-28-2015 02:26 PM

You have to manually copy the data to the thawedb directory. The thaw directory is configured in indexes.conf. Please refer to the documentation as the process is a bit more involved than that:

http://docs.splunk.com/Documentation/Splunk/6.3.0/Indexer/Restorearchiveddata

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...