Solved: Re: Universal Forwarder Fishbucket growing.

NHLaurent · ‎11-21-2018

Hi All,

The UF (6.6.2) on our AIX server has an issue where the fishbuckets are growing in size 3gb + even after setting the file_tracking_db_threshold_mb = 500.
Is there a way to invoke a retirement policy?
If we reduce the value to 200, I understand this will in turn create smaller multiple buckets not necessarily solve the issue but will those buckets age out sooner.

Thanks

NHLaurent · ‎11-27-2018

Well It seems to have been a bug with AIX and UF version 6.6.2. We upgrade one to 7.1.2 and seems to have resolved the issue.

View solution in original post

NHLaurent · ‎11-27-2018

Well It seems to have been a bug with AIX and UF version 6.6.2. We upgrade one to 7.1.2 and seems to have resolved the issue.

ddrillic · ‎11-26-2018

@yannK spoke about it at Why is fishbucket getting really big on my Universal Forwarder?

He said -

-- It's like thermodynamics, the fishbucket/btree is the entropy of your file system. It can only grow with the time.

So, it's interesting to see the complexity of your monitoring set-up.

-- Remark : as we maintain a backup copy, the disk space used is actually 2 times the limit, and sometimes 3 times the limit when a temporary file if generated for the new backup.

But this remark doesn't explain your 3gb + of usage.

Universal Forwarder Fishbucket growing.

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Splunk Observability Cloud | Enhancing Your Onboarding Experience with the ...