Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Restoring Multiple buckets from frozen directory

ram254481493
Explorer
‎08-02-2019 11:14 PM

Hi , Currently i am restoring multiple buckets from frozen directory and getting issues.

I copied the identified buckets from frozen db to thawed db.

Then i am using this script as mentioned in the answer https://answers.splunk.com/answers/120007/thawing-out-multiple-buckets-at-once.html.

My question is where do i need to run this script is in frozen directory or in tmp directory i am not sure where to run this script , when i try to run from frozen db its creating some buckets with end name as tmp not sure what that means ?

Is their any script do we have what can tell us if their is any conflicting bucket or not if their it will rename those buckets ?

Tags (2)
0 Karma
Reply

DavidHourani
Super Champion
‎08-04-2019 01:10 AM

Hi @ram254481493,

The link you shared isn't working for me. Please follow this guide to restore your identified archived bucket :

https://docs.splunk.com/Documentation/Splunk/7.3.0/Indexer/Restorearchiveddata#.2Anix_users

The splunk rebuild command should do the trick for you, you can run it from anywhere since it has to specify the exact location of the bucket you wish to restore : 

splunk rebuild %SPLUNK_HOME%\var\lib\splunk\defaultdb\thaweddb\db_1181756465_1162600547_1001

You shouldn't have any conflicting buckets as those buckets are already frozen, so they shouldn't be in Splunk. If they are then nothing will get replaced since the data is already there.

Cheers,
David

0 Karma
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...