Solved: Re: index data missing in a particular time period...

Reethika · ‎06-30-2020

So data of an index missing from a 30thmay to 20th june. I was crosschecking it through epoch time of missing period. I could files in index/db/

What does these files mean?

-rw------- 1 root root 0 Jun 10 00:16 rb_1591740508_1591694190_1481_B0964DEC-509D-40A9-A451-529E6E725A5F.rbsentinel
drwx------ 3 root root 4096 Jun 10 09:11 rb_1591743776_1591657655_2201_7934D4E6-9F8E-4A10-9002-279FAC932938

But still data isn't reflecting on search.

Is my troubleshooting wrong for missing indexes. Any recommended troubleshooting?

Thanks.

richgalloway · ‎06-30-2020

The "rb_" says these are replicated buckets.
The "rbsentinel" file is used for directory locking.
The second directory is for data between 8 June 20 23:05:35Z and 9 June 20 23:02:56Z.
The part after the last "_" is the GUID of the originating indexer.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎06-30-2020

The "rb_" says these are replicated buckets.
The "rbsentinel" file is used for directory locking.
The second directory is for data between 8 June 20 23:05:35Z and 9 June 20 23:02:56Z.
The part after the last "_" is the GUID of the originating indexer.

---
If this reply helps you, Karma would be appreciated.

index data missing in a particular time period.

data model

summary indexing

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!