
Restoring Multiple buckets from frozen directory


Hi, currently I am restoring multiple buckets from the frozen directory and getting issues.

I copied the identified buckets from the frozen db to the thawed db.

Then I am using this script as mentioned in the answer

My question is: where do I need to run this script, in the frozen directory or in the tmp directory? I am not sure where to run this script. When I try to run it from the frozen db, it's creating some buckets with names ending in tmp; I'm not sure what that means.

Is there any script that can tell us whether there is any conflicting bucket, and if there is, rename those buckets?

0 Karma

Super Champion

Hi @ram254481493,

The link you shared isn't working for me. Please follow this guide to restore your identified archived bucket:

The splunk rebuild command should do the trick for you. You can run it from anywhere since it has to specify the exact location of the bucket you wish to restore:

splunk rebuild %SPLUNK_HOME%\var\lib\splunk\defaultdb\thaweddb\db_1181756465_1162600547_1001

You shouldn't have any conflicting buckets as those buckets are already frozen, so they shouldn't be in Splunk. If they are, then nothing will get replaced since the data is already there.


0 Karma
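For the conflict check asked about in the question, here is an added example (not part of the thread and not Splunk's own tooling) that compares bucket IDs before anything is copied into thaweddb and proposes a new name where an ID is already taken. It assumes directory names follow the db_<newest>_<oldest>_<id> pattern seen in the command above, optionally followed by a GUID, and that a colliding bucket may be given an unused ID by renaming its directory before splunk rebuild is run; the function names and sample names are hypothetical.

```python
import re

# Name layout taken from the answer's example: db_<newest>_<oldest>_<id>.
# The optional trailing _<guid> is an assumption and is carried over unchanged.
BUCKET_RE = re.compile(
    r"^db_(\d+)_(\d+)_(\d+)"
    r"(_[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})?$")

def parse_bucket(name):
    """Return (newest, oldest, bucket_id, guid_suffix), or None if not a bucket name."""
    m = BUCKET_RE.match(name)
    if not m:
        return None
    newest, oldest, bucket_id, guid = m.groups()
    return int(newest), int(oldest), int(bucket_id), guid or ""

def plan_restore(incoming, existing):
    """Decide the thaweddb name for each bucket about to be restored.

    incoming: directory names selected from the frozen archive
    existing: directory names already present for the index
    Returns (plan, skipped): plan maps old name -> name to use; skipped lists
    names that do not parse (for example ones ending in tmp), left untouched.
    """
    used = {p[2] for p in map(parse_bucket, existing) if p}
    seen = used | {p[2] for p in map(parse_bucket, incoming) if p}
    next_free = max(seen, default=0) + 1
    plan, skipped = {}, []
    for name in sorted(incoming):
        parsed = parse_bucket(name)
        if parsed is None:
            skipped.append(name)
            continue
        newest, oldest, bucket_id, guid = parsed
        if bucket_id in used:          # ID already taken: assign an unused one
            bucket_id, next_free = next_free, next_free + 1
        used.add(bucket_id)
        plan[name] = f"db_{newest}_{oldest}_{bucket_id}{guid}"
    return plan, skipped

# Constructed sample names, not taken from a real index.
EXISTING = ["db_1181756465_1162600547_1001", "db_1190000000_1181756466_1002"]
INCOMING = ["db_1100000000_1090000000_1001", "db_1089999999_1080000000_7",
            "db_1079999999_1070000000_7", "db_1100000000_1090000000_9_tmp"]

if __name__ == "__main__":
    plan, skipped = plan_restore(INCOMING, EXISTING)
    for old, new in plan.items():
        print(("RENAME " if old != new else "OK     ") + old + " -> " + new)
    for name in skipped:
        print("SKIP   " + name)
```

The script only prints a plan; it does not copy, rename or rebuild anything, so the output can be reviewed before any bucket is touched.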