...nother option would be to save the search to all cluster members and then use a cron job on each one to run the search and generate the namespace's tsidx files...?
Is there any other cleaner way to d...
We have a dashboard that I would like to use tstats to generate the data, and run a search ever 2 minutes using tscollect.
The problem I have discovered is that since each search head in the p...
...cceleration? The constraint that we have is to ensure the data items used for the searches all have to be CIM-compliant. However, TSIDX data only applies to index time data fields and NOT search time data f...
I can't seem to find information in the documentation as to where I can locate the generated tsidx files from my tscollect run are written to when I specify a namespace.
As I understand the splunk app for Enterprise Security creates a number of TSIDXnamespaces that are used to store summary statistical data used by the dashboards and correlation searches t...
How do I reclaim my disk space after deleting a large number of events from an index?
The Remove data from Splunk pages says:
Currently, piping to delete does not reclaim disk space...