Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Do the resulting files from a "dump" command have a TTL?

actionabledata
Path Finder
‎06-06-2022 10:49 AM

Do the resulting files from a "dump" command have a TTL? I think they must since the files I created on Friday no longer exist.

Here is the search I am using to create the files.

 

index = “myIndexName” sourcetype=”mySourcetype” myFilterField IN(123ABC, 456DEF, 789GHI)
| dump basefilename= ABCCorp_06-06-22_0800_01330_ rollsize=1000 compress=5 format=raw
| table *

 

 

Thank you.

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

actionabledata
Path Finder
‎06-10-2022 05:47 AM

Thanks Jamie.

Yeah, I saw that and made the same assumptions but couldn't find a definitive answer. Through a few not-so-scientific experiments, I found the TTL to be longer than 15 min but less than 3 hrs ... but the files DO go away.

Thanks, Greg (ActionableData)

View solution in original post

0 Karma
Reply
Solved! Jump to solution

jamie00171
Communicator
‎06-08-2022 11:06 AM

Hi @actionabledata 

Based on where the documentation: https://docs.splunk.com/Documentation/Splunk/8.2.6/SearchReference/Dump#Usage

states they are stored: "$SPLUNK_HOME/var/run/splunk/dispatch/<sid>/dump/

I'd assume they have the same TTL as the rest of the search artifacts which is believe is 15 minutes by default for an ad-hoc search or 2 times the scheduled period for a savedsearch. 

Thanks, 

Jamie

Reply
Solved! Jump to solution
Solution

actionabledata
Path Finder
‎06-10-2022 05:47 AM

Thanks Jamie.

Yeah, I saw that and made the same assumptions but couldn't find a definitive answer. Through a few not-so-scientific experiments, I found the TTL to be longer than 15 min but less than 3 hrs ... but the files DO go away.

Thanks, Greg (ActionableData)

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...