Re: Log Archive

ssingh5 · ‎02-20-2012

Hi,

I am testing automatic Log Archiving for my Splunk Deployment. i am testing this on one of my single index named OS.

For auto Archiving i have configured "coldToFrozenDir = $SPLUNK_DB2_Frozen/Archive/os" the location where i want to archive the data for OS index.

Along with that i have configured following paramenter in my customizied Indexes.conf file to test Archiving by rolling data from hot/warm/cold to frozen to check some data at my archiving location.But i coud not able to see any data in my archiving location can any one please let me know where i am worng and how should i configre this ?

[os]
homePath = $SPLUNK_DB2/os/db
coldPath = $SPLUNK_DB2/os/colddb
thawedPath = $SPLUNK_DB2/os/thaweddb
coldToFrozenDir = $SPLUNK_DB2_Frozen/Archive/os
maxHotBuckets = 5
maxHotSpanSecs = 3600
maxHotBuckets = 1
maxDataSize = 100
maxTotalDataSizeMB = 2000
frozenTimePeriodInSecs = 3600

Brian_Osburn · ‎02-20-2012

Is $SPLUNK_DB2_Frozen actually defined anywhere in your environment?

Brian

ssingh5 · ‎02-20-2012

Yes Brian $SPLUNK_DB2_Frozen has been defined in /etc/splunk-launch.conf file.

Log Archive

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation