Knowledge Management
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

index data missing in a particular time period.

Reethika
Path Finder
‎06-30-2020 10:06 AM

So data of an index missing from a 30thmay to 20th june. I was crosschecking it through epoch time of missing period. I could files in  index/db/  

What does these files mean?

-rw------- 1 root root     0 Jun 10 00:16 rb_1591740508_1591694190_1481_B0964DEC-509D-40A9-A451-529E6E725A5F.rbsentinel
drwx------ 3 root root  4096 Jun 10 09:11 rb_1591743776_1591657655_2201_7934D4E6-9F8E-4A10-9002-279FAC932938

But still data isn't reflecting on search.

Is my troubleshooting wrong for missing indexes. Any recommended troubleshooting? 

 

Thanks.

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎06-30-2020 10:40 AM
The "rb_" says these are replicated buckets.
The "rbsentinel" file is used for directory locking.
The second directory is for data between 8 June 20 23:05:35Z and 9 June 20 23:02:56Z.
The part after the last "_" is the GUID of the originating indexer.
---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎06-30-2020 10:40 AM
The "rb_" says these are replicated buckets.
The "rbsentinel" file is used for directory locking.
The second directory is for data between 8 June 20 23:05:35Z and 9 June 20 23:02:56Z.
The part after the last "_" is the GUID of the originating indexer.
---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...