Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

What is the difference between the dbinspect command and "_bkt"?

splunkreal
Influencer
‎09-13-2018 06:11 AM

Hello guys,

Could you let me know the difference in terms of buckets between :

| dbinspect *search* and *search* | eval bkt=_bkt | table bkt ?
It looks like dbinspect returns more results and with a wider span. My aim is to remove buckets according to a specific search and timeframe.

Thanks.

* If this helps, please upvote or accept solution if it solved *
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

splunkreal
Influencer
‎09-14-2018 12:26 AM

Solved by support :

dbinspect take it data from the metadata
_bkt from from the search process.

the metadata can be update when we search but you
will search on your old generation id.

* If this helps, please upvote or accept solution if it solved *

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

splunkreal
Influencer
‎09-14-2018 12:26 AM

Solved by support :

dbinspect take it data from the metadata
_bkt from from the search process.

the metadata can be update when we search but you
will search on your old generation id.

* If this helps, please upvote or accept solution if it solved *
0 Karma
Reply
Solved! Jump to solution

gjanders
SplunkTrust
SplunkTrust
‎09-14-2018 04:21 AM

Can you accept your answer please? That will make this clear that you've answered your own question

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
Reply
Solved! Jump to solution

splunkreal
Influencer
‎09-14-2018 05:24 AM

"We're sorry, but you cannot vote on your own post." 🙂

* If this helps, please upvote or accept solution if it solved *
0 Karma
Reply
Solved! Jump to solution

gjanders
SplunkTrust
SplunkTrust
‎09-14-2018 05:42 PM

Correct, but as per How to earn Karma you will get some points and you can up-vote anyone else's posts 🙂

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply
Solved! Jump to solution

gjanders
SplunkTrust
SplunkTrust
‎09-13-2018 04:13 PM

What are you trying to achieve by removing buckets?
You've also only posted a single search query mentioning dbinspect, dbinspect lists buckets on a per-index basis including replicated buckets.

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...