Knowledge Management

/opt/splunk/var/lib/splunk/cold

isabelcarvajal
New Member

Hello

I would like your help validating what the filesystem /opt/splunk/var/lib/splunk/cold contains; the indicator shows that it is 100% used.

thanks.

0 Karma

isabelcarvajal
New Member

Hello

If the indicator for /opt/splunk/var/lib/splunk/cold shows it is 100% used, can it cause problems in some Splunk functionality?

thanks

0 Karma

PowerPacked
Builder

Hi @isabelcarvajal

/opt/splunk/var/lib/splunk -- this filesystem holds data for all indexes, like _internal, _introspection, _audit, main.

In each of these indexes, the data is again arranged based on age ----- hot, warm, cold, thawed

db folder ----- hot & warm data
colddb ----- cold data
thaweddb ----- restored frozen data, which can be searched.

Please go through this doc for more understanding.
http://docs.splunk.com/Documentation/Splunk/7.1.1/Indexer/HowSplunkstoresindexes

And the aging of the data is explained in this doc.

https://wiki.splunk.com/Deploy:BucketRotationAndRetention

thanks
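
As an added example (not part of the original thread, and not Splunk's own tooling), this Python script sums the on-disk size of the db, colddb and thaweddb tiers described in the answer above for each index directory, to show which index is filling the filesystem. It assumes the index directories sit directly under the path given and that the tiers have not been relocated to other paths in indexes.conf.

```python
import os
import shutil
import sys

# Tier directories named in the answer above: db holds hot and warm buckets,
# colddb holds cold buckets, thaweddb holds restored frozen buckets.
TIERS = ("db", "colddb", "thaweddb")


def dir_bytes(path):
    """Sum sizes of regular files under path, skipping symlinks and unreadable entries."""
    total = 0
    for root, _dirs, files in os.walk(path, onerror=lambda e: None):
        for name in files:
            full = os.path.join(root, name)
            try:
                if not os.path.islink(full):
                    total += os.path.getsize(full)
            except OSError:
                pass  # file was rolled or removed while we were walking
    return total


def index_usage(splunk_db):
    """Return {index_directory: {tier: bytes}} for each index directory under splunk_db."""
    usage = {}
    for entry in sorted(os.listdir(splunk_db)):
        index_dir = os.path.join(splunk_db, entry)
        tiers = {t: dir_bytes(os.path.join(index_dir, t))
                 for t in TIERS if os.path.isdir(os.path.join(index_dir, t))}
        if tiers:  # keep only directories that contain at least one tier folder
            usage[entry] = tiers
    return usage


def report(splunk_db):
    """Print filesystem fill level and per-index tier sizes, largest colddb first."""
    fs = shutil.disk_usage(splunk_db)
    print(f"{splunk_db}: {fs.used / fs.total:.0%} of filesystem used")
    usage = index_usage(splunk_db)
    for name, tiers in sorted(usage.items(), key=lambda kv: -kv[1].get("colddb", 0)):
        cells = "  ".join(f"{t}={tiers.get(t, 0) / 2**20:.1f}MiB" for t in TIERS)
        print(f"{name:<20} {cells}")
    return usage


if __name__ == "__main__":
    # Default is the path from the thread; pass a different one as the first argument.
    report(sys.argv[1] if len(sys.argv) > 1 else "/opt/splunk/var/lib/splunk")
```

Run it as a user that can read the index directories; entries it cannot read are skipped rather than counted.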

isabelcarvajal
New Member

Hello, I have one question.

Can this file system affect the operation of Splunk?

Thanks for your answer

0 Karma

PowerPacked
Builder

What do you mean by affected?

0 Karma