Solved: What is the syntax for rolling hot buckets to warm...

the_wolverine · ‎05-18-2011

What is the syntax, please?

the_wolverine · ‎05-18-2011

From the CLI:

./splunk _internal call /data/indexes/<index_name>/roll-hot-buckets –auth <admin_username>

(you will be prompted for the password)

View solution in original post

the_wolverine · ‎05-18-2011

From the CLI:

./splunk _internal call /data/indexes/<index_name>/roll-hot-buckets –auth <admin_username>

(you will be prompted for the password)

hanijamal · ‎04-20-2016

what is the command or procedure to roll buckets on windows?

wrangler2x · ‎02-01-2013

If you do this when you have splund off it does not work. If you do this when it is running, though it creates a new cold bucket you still have a hot one. If you are trying to move the index, how do you do that when the documentation says not to copy hot buckets?

joxley · ‎01-06-2015

http://wiki.splunk.com/Community:MoveIndexes

wwhitener · ‎09-29-2011

This is for 4.x.

For 3.4.5 it is:

/opt/splunk/bin/splunk search '| oldsearch !++cmd++::roll' -auth :

What is the syntax for rolling hot buckets to warm via cli?

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!