Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Frozen Index Management

adalbor
Builder
‎11-11-2019 10:29 AM

Is there an app/script/mechanism out there that would allow you to list your available frozen indices by their human readable date/timestamps and allow you to move them back to thawed state and rebuild?

Thanks!

0 Karma
Reply

radam2000
Path Finder
‎05-04-2020 11:50 AM

If the index is on linux, you can run this cli command in the frozen directory to list the human readable start and end dates/times for the buckets and pipe it to a txt file for review...

Format to list bucket names with start and end dates
ls -d1 db_* | gawk -F'_' '{print $0} {print " " strftime("%c", $3)} {print " " strftime("%c", $2)}'

sample output
db_1549387088_1541611191_68_9E0CD82F-4920-47E4-8142-B1FE5AD9E314
Wed 07 Nov 2018 12:19:51 PM EST
Tue 05 Feb 2019 12:18:08 PM EST
db_1549775541_1549387335_69_9E0CD82F-4920-47E4-8142-B1FE5AD9E314
Tue 05 Feb 2019 12:22:15 PM EST
Sun 10 Feb 2019 12:12:21 AM EST

Rich

0 Karma
Reply

fernanlee
Path Finder
‎11-11-2019 03:08 PM

Yes, of course:

https://docs.splunk.com/Documentation/Splunk/7.3.1/Indexer/Restorearchiveddata#Thaw_a_4.2.2B_archive

0 Karma
Reply

adalbor
Builder
‎11-12-2019 05:50 AM

That doesn't answer my question. Was looking for a script or an app that would allow me to list my available frozen indices and the date/timestamp in a human readable format. Something that would make validating the indices and thawing them easier.

0 Karma
Reply

adalbor
Builder
‎11-20-2019 07:46 AM

Any suggestions anyone?

Reply

adalbor
Builder
‎12-02-2019 06:22 AM

Any Splunk people have any suggestions?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...