Solved: I just watched a storage vendor claim that "hot bu...

lycollicott · ‎11-30-2017

Does he know something I don't? I never heard that claim before.

skoelpin · ‎11-30-2017

I've seen it done before, but by default, this is not correct.

You could show him /splunk/var/lib/splunk/<index_name>/db and view the hot buckets which are being written to disk..

View solution in original post

skoelpin · ‎11-30-2017

I've seen it done before, but by default, this is not correct.

You could show him /splunk/var/lib/splunk/<index_name>/db and view the hot buckets which are being written to disk..

woodcock · ‎11-30-2017

Agreed, there are many amazing storage solutions, many of which cache in RAM invisibly, but this is storage tier magic (and very vendor/solution specific), not a general truth.

lycollicott · ‎12-01-2017

That's what I thought, too, but didn't want to call BS without a little research first.

MuS · ‎11-30-2017

If you are brave enough to use tmpfs for your hot storage, then yes 😉
Maybe this claim was related to the storage system has some internal cache which keeps open files in its internal memory before writing to disk? ¯\_(ツ)_/¯

lycollicott · ‎12-01-2017

LOL, yeah. We're getting a Webex demo from them this month, so I'm going to watching for it.

I just watched a storage vendor claim that "hot buckets are all in memory"....

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)