Solved: How to fix frozen folder not splitting up by index...

avivfri · ‎04-18-2022

Hello

I noticed that my frozen folder are not splitting up by indexes. Instead I have "$_index_name" at the root folder on the volume.

this is my configuration:

[default]
maxTotalDataSizeMB = 1000000
frozenTimePeriodInSecs = 13824000
homePath = volume:hot/$_index_name/db
coldPath = volume:cold/$_index_name/colddb
tstatsHomePath = volume:hot/$_index_name/datamodel_summary
summaryHomePath = volume:hot/$_index_name/summary
thawedPath = $SPLUNK_DB/$_index_name/thaweddb
coldToFrozenDir = /frozen/$_index_name/frozendb
repFactor=auto

is there a way to fix it?

Thank you

PickleRick · ‎04-18-2022

The docs to indexes.conf suggest that the placeholder $_index_name is _not_ supported for the coldToFrozenDir setting. So you'd have to overwrite it to a specific value for each index.

View solution in original post

PickleRick · ‎04-18-2022

The docs to indexes.conf suggest that the placeholder $_index_name is _not_ supported for the coldToFrozenDir setting. So you'd have to overwrite it to a specific value for each index.

How to fix frozen folder not splitting up by indexes that instead have $_index_name at the root folder on the volume?

administration

configuration

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

Preparing your Splunk Environment for OpenSSL3

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector