#Random
This is a place to discuss all things outside of Splunk, its products, and its use cases.
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

I just watched a storage vendor claim that "hot buckets are all in memory"....

lycollicott
Motivator
‎11-30-2017 11:35 AM

Does he know something I don't? I never heard that claim before.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

skoelpin
SplunkTrust
SplunkTrust
‎11-30-2017 12:09 PM

I've seen it done before, but by default, this is not correct.

You could show him /splunk/var/lib/splunk/<index_name>/db and view the hot buckets which are being written to disk..

View solution in original post

Reply
Solved! Jump to solution
Solution

skoelpin
SplunkTrust
SplunkTrust
‎11-30-2017 12:09 PM

I've seen it done before, but by default, this is not correct.

You could show him /splunk/var/lib/splunk/<index_name>/db and view the hot buckets which are being written to disk..

Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎11-30-2017 02:57 PM

Agreed, there are many amazing storage solutions, many of which cache in RAM invisibly, but this is storage tier magic (and very vendor/solution specific), not a general truth.

0 Karma
Reply
Solved! Jump to solution

lycollicott
Motivator
‎12-01-2017 05:36 AM

That's what I thought, too, but didn't want to call BS without a little research first.

0 Karma
Reply
Solved! Jump to solution

MuS
SplunkTrust
SplunkTrust
‎11-30-2017 11:44 AM

If you are brave enough to use tmpfs for your hot storage, then yes 😉
Maybe this claim was related to the storage system has some internal cache which keeps open files in its internal memory before writing to disk? ¯\_(ツ)_/¯

0 Karma
Reply
Solved! Jump to solution

lycollicott
Motivator
‎12-01-2017 05:40 AM

LOL, yeah. We're getting a Webex demo from them this month, so I'm going to watching for it.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Search APIを使えば調査過程が残せます

   このゲストブログは、JCOM株式会社の情報セキュリティ本部・専任部長である渡辺慎太郎氏によって執筆されました。 Note: This article is published in both Japanese ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...