×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
SplunkAdmin69
Engager
Member since: ‎06-30-2022
‎07-01-2022
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎06-30-2022
View All

Re: Where did the test data go in the SPL Tutorial...

by SplunkTrust in Splunk Search
‎07-01-2022 02:38 PM
‎07-01-2022 02:38 PM
In Splunk data lifecycle there are several stages the bucket can be in. First the bucket is hot. Splunk is writing new data to it. Then after the bucket meets some parameters (size, age), the "housekeeping" thread closes the bucket and moves it to another directory on the same storage - it's called warm bucket. After the bucket is old enough, if you have separate storage defined for it, the bucked is moved to the cold storage - it's a cold bucket. And finally after the bucket reaches the retention period or the index gets too big, the bucket is frozen - if you have special storage defined for it, the bucket is moved there and removed from splunk (it's meant for archiving and not for direct use anymore). But if you don't have the frozen storage defined (which is the default config), the bucket simply gets deleted. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎07-01-2022 06:19 PM