Splunk's default bucket size is 10 GB for 64-bit systems and 750 MB for 32-bit systems. We should be able to see the hot-db and any warm buckets there. The buckets have been located in the following locations by default: Data that has been archived can be thawed at a later date (data in a frozen bucket is not searchable). By default, the indexer deletes frozen data, but we can archive it. Frozen: A frozen bucket is made up of data that has been rolled out of a cold bucket.Cold: Data in a cold bucket is rolled out from a warm bucket.A warm bucket is made up of data that has been rolled out of a hot bucket.Each index may have one or more hot buckets. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |