Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Splunk-optimize Warning ...

MikeyG
Explorer
‎04-07-2010 12:47 PM

Can't find a reference to the following error. What does it mean and how do I fix it?

Indexing Significant Warns:

WARN timeinvertedIndex - splunk-optimize failed to start for index /opt/splunk/var/lib/splunk/defaultdb/db/hot_quar_v1_17

Reply
1 Solution
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎04-07-2010 02:33 PM

There is nothing to fix if it's rare. It just means that Splunk was busy at the time it would otherwise have run an optimization on the indexed data. Optimization runs frequently to improve the way data is stored in the index as new data gets added.

If the warning occurs regularly, it is a sign that your system is overloaded. If the warning occurs more often than every few minutes, your indexed data may not be well optimized which will lead to slower searches over that data.

View solution in original post

Reply
Solved! Jump to solution

tpaulsen
Contributor
‎05-11-2010 12:40 PM

The splunk-optimize process can´t run on that subdirectory, since it doesn´t exist. Even if i create it manually, splunk-optimize won´t notice, except by creating another error:

05-11-2010 13:10:40.476 ERROR databasePartitionPolicy - Index is empty refusing to move. oldDirPath=/opt/splunk/splunk/var/lib/splunk/fishbucket/db/db-hot

The other message is still there:

05-11-2010 14:33:52.045 WARN  timeinvertedIndex - splunk-optimize failed to start for index /opt/splunk/var/lib/splunk/fishbucket/db/db-hot
0 Karma
Reply
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎04-07-2010 02:33 PM

There is nothing to fix if it's rare. It just means that Splunk was busy at the time it would otherwise have run an optimization on the indexed data. Optimization runs frequently to improve the way data is stored in the index as new data gets added.

If the warning occurs regularly, it is a sign that your system is overloaded. If the warning occurs more often than every few minutes, your indexed data may not be well optimized which will lead to slower searches over that data.

Reply
Solved! Jump to solution

Mick
Splunk Employee
Splunk Employee
‎04-07-2010 12:47 PM

Sporadic failures are to be expected, as there are times when Splunk will be indexing heavily to a particular hot DB, and it won't always be the optimal time for splunk-optimize to run on that particular bucket.

If it's a consistent failure however, and splunk-optimize has never been able to run on that bucket, that may indicate a more serious problem with the data inside the bucket - a possible data corruption for example.

If it's a consistent message, you should file a case with the Splunk Support team and they will work with you to determine the root cause - http://www.splunk.com/page/submit_issue

Reply
Solved! Jump to solution

jrodman
Splunk Employee
Splunk Employee
‎04-07-2010 12:47 PM

If it's expected, why is it a failure?
What does it mean that it isn't an optimal time, is this a locking issue?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...