Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Has anyone used coldToFrozenScript in indexes.conf for archiving in an indexer clustering environment?

sbhat13
New Member
‎07-11-2016 09:28 AM

We need to do indexer archiving. We have a clustered environment with 4 Search Heads and 4 indexers each. Can anyone suggest if you have ever tried the option of using coldToFrozenScript in the indexes.conf? If yes, let me know what details have to be mentioned there and how can it be used.

Thanks,
Soumya

0 Karma
Reply

kpawar_splunk
Splunk Employee
Splunk Employee
‎07-13-2016 01:02 PM

You can find information about splunk indexer archiving here : http://docs.splunk.com/Documentation/Splunk/6.4.2/Indexer/Automatearchiving
Indexes.conf settings related to coldToFrozenScript are mentioned here : http://docs.splunk.com/Documentation/Splunk/6.4.2/Admin/Indexesconf

0 Karma
Reply

sbhat13
New Member
‎07-18-2016 07:21 AM

I have referred the docs and noticed that the sample script is available for this in the Splunk Enterprise product.But I am not sure of what all parameters need to be added/changed in this script for it to work in our case.We have a linux server hosting splunk in clustered environment.Some simple example would be easier to understand.
cat /opt/splunk/bin/coldToFrozenExample.py

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...