Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

tsidx topologycruncy

baoctac
New Member
‎03-07-2016 08:18 AM

Sifting through the discussions about tsidx files, I still find myself confused on how these populate. Currently on my search head, there are 25GB in the tsidx/topologyCrunch directory. The only apps I have installed are Splunk App for AWS and Nessus. From the Settings > Report Acceleration Summary, no accelerations are configured.

My questions are: 1) how can i determine where these files are coming from, and 2) how do i go about removing them.

Thanks!

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎03-08-2016 10:38 AM

These are coming from a tscollect command in one of your saved searches.

The saved search is probably called "topologyCronSearch".

To remove them, delete the saved search and restart OR disable the saved search and manually delete them from the file system. You should make sure you're not using anything related to the search first though. Most likely, Somewhere there is another search that's looking at these files. Removing the files will cause tstats commands that rely on them to begin failing.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎03-08-2016 10:38 AM

These are coming from a tscollect command in one of your saved searches.

The saved search is probably called "topologyCronSearch".

To remove them, delete the saved search and restart OR disable the saved search and manually delete them from the file system. You should make sure you're not using anything related to the search first though. Most likely, Somewhere there is another search that's looking at these files. Removing the files will cause tstats commands that rely on them to begin failing.

0 Karma
Reply
Solved! Jump to solution

baoctac
New Member
‎03-10-2016 09:25 AM

Awesome! Thanks jkat54. I found a reference under a saved search with the reference to 'namespace=topologyCronSearch'. looks like this search (called Config: Topology Data Generator) was set up alongside the Splunk App for AWS App.

0 Karma
Reply
Solved! Jump to solution

piebob
Splunk Employee
Splunk Employee
‎03-10-2016 10:50 AM

if this answered your question, please 'accept' it 🙂

0 Karma
Reply
Solved! Jump to solution

baoctac
New Member
‎03-10-2016 10:57 AM

Done. Thanks!

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎03-08-2016 06:32 AM

Can you give the full path to the folder in question please?

0 Karma
Reply
Solved! Jump to solution

baoctac
New Member
‎03-08-2016 06:34 AM

Hi,
The full path is /opt/splunk/var/lib/splunk/tsidxstats/topologyCronSearch

Thanks.

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...