Solved: How many hot buckets do I have?

bsteelz93 · ‎11-03-2011

Is there an easy to way to tell how many hot,warm and cold buckets I have?

Also I see if you set the maxDataSize to auto then it will keep a bucket size at 750mb. What if you data is less then 750mb? Let's say your data size is 10mb per day. Should you modify the maxDataSize to optimize searches as well as retention periods? Should the setting be exactly 10mb or is there another recommended number? What happens if I am receving above the 750mb? Let's 1 gb. Should I manually set exactly 1gb or should I still use auto in this case or is there a different number I should set?

lpolo · ‎11-03-2011

yes. Use the following search command and select time=all time

|dbinspect index=index_name

Example:

|dbinspect index=main

then see the result set it is self explanatory.

Cheers.
Lp

View solution in original post

lpolo · ‎11-03-2011

yes. Use the following search command and select time=all time

|dbinspect index=index_name

Example:

|dbinspect index=main

then see the result set it is self explanatory.

Cheers.
Lp

How many hot buckets do I have?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Are you a member of the Splunk Community?

How many hot buckets do I have?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?