Monitoring Splunk

DBinspect vs rest call

kiamyash
Engager

I am running 2 search:

 

| rest splunk_server=* /services/data/indexes-extended | search title = _internal
| stats max(bucket_dirs.home.warm_bucket_count) by title

| dbinspect index=_internal | search state = warm | stats count

Both are run for all time, why am i getting different count of warm data.

Also, my max warm bucket count is restriceted to 450, while rest api call is giving me a no below this, dbinspect is giving me 2550. How is this possible.

Labels (1)
0 Karma

thambisetty
SplunkTrust
SplunkTrust

total number of buckets are depending on how many indexers you have and replication factor.

for example if you have 4 indexers, max total number of buckets would be 450*4.

I have run searches you have shared in my standard alone box. its giving exact same results.

dbinspect.pngrest.png

————————————
If this helps, give a like below.
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...