cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
rickymckenzie10
Explorer
Member since: ‎02-27-2024
‎03-19-2024
Community Statistics
Posts 4
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎02-27-2024
View All

Right number and size of hot/warm/cold buckets

by in Deployment Architecture
‎03-19-2024 05:31 PM
‎03-19-2024 05:31 PM
Here is the index stanza:   [new_dex] homePath = volume:hotwarm/new_dex/db coldPath = volume:cold/new_dex/colddb thawedPath = $SPLUNK_DB/new_dex/thaweddb maxTotalDataSizeMB = 2355200 homePath.maxDataSizeMB = 2944000 maxWarmDBCount = 4294967295 // I know this is wrong, but need help setting it frozenTimePeriodInSecs = 15552000 maxDataSize = auto_high_volume repFactor=auto   Also, any other key = pair should be added. There are 18 indexers deployed each with a 16T of size. frozenTimePeriodInSecs has been met, but data is not being moved/deleted.           what configuration/details am I missing here? I needed data gone! ... View more
Labels

Roll hotwarm data to cold when frozenTimePeriodInS...

by in Deployment Architecture
‎03-12-2024 03:54 PM
‎03-12-2024 03:54 PM
Hello, how can I ensure the data being sent to cool_index is rolled to cold when the data is 120 days old? The config I'll use   [cool_index] homePath = volume:hotwarm/cool_index/db coldPath = volume:cold/cool_index/colddb thawedPath = $SPLUNK_DB/cool_index/thaweddb frozenTimePeriodInSecs = 10368000 #120 day retention maxTotalDataSizeMB = 60000 maxDataSize=auto repFactor=auto      am I missing something? ... View more
Labels

Re: How does frozenTimePeriodInSecs and maxWarmDBC...

by in Deployment Architecture
‎02-28-2024 01:24 PM
‎02-28-2024 01:24 PM
@victor_menezes can you expand a little more on this: AFAIK maxWarmDBCount doesn't affect the rollover of data (but it can be storage hungry so be careful with that), it is something the frozenTimePeriodInSecs do instead Yes, I am using maxTotalDataSizeMB in each of the indexes. They all have their specific size. ... View more

How does frozenTimePeriodInSecs and maxWarmDBCount...

by in Deployment Architecture
‎02-27-2024 04:36 PM
‎02-27-2024 04:36 PM
Currently, each of my indexes is set to a specific and own frozenTimePeriodInSecs, but I am noticing they are not rolling over to cold when the frozenTimePeriodInSecs value is set. Data Age (keeps growing) vs Frozen Age (stays as what it is set in frozenTimePeriodInSecs) maxWarmDBCount is set to:   maxWarmDBCount = 4294967295    Does this effect? If the value is changed, would data roll to cold? ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎03-19-2024 08:51 PM
Karma given to
View All