Getting Data In

Frozen Index Management

adalbor
Builder

Is there an app/script/mechanism out there that would allow you to list your available frozen indices by their human readable date/timestamps and allow you to move them back to thawed state and rebuild?

Thanks!

0 Karma

radam2000
Path Finder

If the index is on linux, you can run this cli command in the frozen directory to list the human readable start and end dates/times for the buckets and pipe it to a txt file for review...

Format to list bucket names with start and end dates
ls -d1 db_* | gawk -F'_' '{print $0} {print " " strftime("%c", $3)} {print " " strftime("%c", $2)}'

sample output
db_1549387088_1541611191_68_9E0CD82F-4920-47E4-8142-B1FE5AD9E314
Wed 07 Nov 2018 12:19:51 PM EST
Tue 05 Feb 2019 12:18:08 PM EST
db_1549775541_1549387335_69_9E0CD82F-4920-47E4-8142-B1FE5AD9E314
Tue 05 Feb 2019 12:22:15 PM EST
Sun 10 Feb 2019 12:12:21 AM EST

Rich

0 Karma

fernanlee
Path Finder
0 Karma

adalbor
Builder

That doesn't answer my question. Was looking for a script or an app that would allow me to list my available frozen indices and the date/timestamp in a human readable format. Something that would make validating the indices and thawing them easier.

0 Karma

adalbor
Builder

Any suggestions anyone?

adalbor
Builder

Any Splunk people have any suggestions?

0 Karma
Get Updates on the Splunk Community!

Unlock New Opportunities with Splunk Education: Explore Our Latest Courses!

At Splunk Education, we’re dedicated to providing top-tier learning experiences that cater to every skill ...

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...