.db Files: The .db files in the frozen directory are SQLite database files. These files store the indexed and compressed data in a structured format for efficient retrieval. Splunk uses SQLite as a lightweight embedded database engine for managing and organizing indexed data. .rb Files: The .rb files are Splunk's "Rolling Bloom Filter" files. They are part of the Splunk indexing process and contain metadata used for efficient searching and filtering of data. The Rolling Bloom Filter is a probabilistic data structure that helps to quickly determine if a particular term or value is likely to exist in an index block, reducing the need for expensive disk I/O operations during searches.
... View more
Hi @nandhukiran37 You may opt for - Indexers, search head, deployment server, license master, universal forwarder. But you may also go for Indexers, search head, deployment server, license master, universal forwarder, heavy forwarder, adding an HF is better if you have lot of data and needs further parsing
... View more