...oldToFrozenscript.py
This will archivedata to a particular directory that we mention in indexes.conf.
However it faces problems in cases of clustered architecture due to same multiple buckets being c...
Hi,
Im looking to migrate readable archived data from a singlesite-multisite cluster to a standalone instance for a POC. The archivedata is still readable using hadoop data roll and is stored o...
...opy of these data (either raw or indexed) to external server (e.g. syslog) for long term archiving.
We're looking for any recommended solution. Would anyone please help?
Thanks a lot.
Rgds
Hello Community, I have to build a temper-proof archive solution with data ingested in splunk. The last couple days I thought about it and I would appreciate your ideas or at best a known/e...
Hi All,
I want to get Archived data from Frozen buckets for a certain time frame. The index which i am trying to fetch is related to windows event logs. Is their any script available to a...
Hi there,
I'm struggling with the following:
On a heavy forwarder I get two types of data: windows events and firewall logs and I need to forward the data to an archive, as well as to the index...
Hi splunkers, Is it possible to have all of the indexes have a one frozen directory path setup in archiving to Amazon S3 glacier? Can anyone of you share their thoughts in storing their data in a...
...ath="/etc/ArchiveFolder/sourcelog5.log.gz" was already indexed as a non-archive, skipping.
02-05-2020 12:53:00.499 +0000 INFO ArchiveProcessor - Finished processing file '/etc/ArchiveFolder/sourcelog5.log...
...ehind this method is that if for any reason I ever needed to restore the archived data for searching I could simply setup a new Splunk indexer, attach the archived EBS volume, and point a search h...
Hi,
I've archived indexeddata into location "D:\Program Files\Splunk\myfrozenarchive" and now myfrozenarchive folder has to folders
db_1364755264_1356979773_16
d...