Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Reduce size of index after amount of time

gpareesi11
Path Finder
‎03-09-2016 07:01 AM

Hi,
I'm currently looking if it possible to reduce the amount of data store in index after 6 months.

Example:
I'm collecting CPU performance metric at each second for my server, after 6 months is it possible to reduce the size by keeping only CPU performance metric on 5 minutes interval for the next 6 months ?

Thank you

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-09-2016 09:32 AM

Once data is indexed it cannot be deleted until the whole bucket ages out. There is a delete command, but it hides data rather than remove it.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

gpareesi11
Path Finder
‎03-09-2016 09:44 AM

I understand this part, but when the bucket ages out, I don't need to delete everything but keep a different log interval to reduce the amount of data kept on storage.

I still need some dashboard and report but based on 5 minutes log interval instead of 1 second ?

Thank you

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-09-2016 09:58 AM

Consider a summary index. Sample your 6-month-old data at 5-minute intervals and write it to a summary index with its own 6-month lifespan.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

gpareesi11
Path Finder
‎03-09-2016 10:05 AM

Great thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...