Solved: What is behind the volume reported by _thefishbuck...

the_wolverine · ‎06-23-2010

I'm running Splunk version 4.1.3 and am seeing a significant volume being reported in _thefishbucket index. This is confusing as my understanding is fishbucket is no longer an index as of Splunk version 4.x.

Mick · ‎06-24-2010

Currently this looks like a bug around the metrics monitoring, as no data should be written to _thefishbucket index. It used to be used as the repository for keeping track of monitored file information, but has since been replaced by the btree tracking method.

We'll update this again once we know exactly what's happening here

View solution in original post

Mick · ‎06-24-2010

Currently this looks like a bug around the metrics monitoring, as no data should be written to _thefishbucket index. It used to be used as the repository for keeping track of monitored file information, but has since been replaced by the btree tracking method.

We'll update this again once we know exactly what's happening here

the_wolverine · ‎06-24-2010

Rest assured that the volume reported as being indexed to _thefishbucket does NOT count against your license.

What is behind the volume reported by _thefishbucket index?

Splunk Observability Cloud | Customer Survey!

Happy CX Day, Splunk Community!

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas