I got an alert that some of the index buckets have been frozen due to size. How do I get the bucket details? I mean the date of the buckets that got frozen.
https://github.com/mehransafari/Splunk_FrozenData_FIND_by_DATE_and_Restore
A script for finding frozen bucket files in the time range you give.
It shows the folders, their size, and the start time and end time of the logs contained in each folder,
and asks whether to unfreeze the logs.
It may help you.
You can also use dbinspect
| dbinspect index=INDEX_NAME | search state=frozen
Hi @vrmandadi,
Check this query:
index=_internal sourcetype=splunkd INDEX_NAME component=BucketMover
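For buckets that were archived rather than deleted, the dates asked about in the question can also be read from the bucket directory names, which follow Splunk's `db_<newest_epoch>_<oldest_epoch>_<local_id>[_<guid>]` convention (`rb_` for replicated copies). The following is an added example, not part of the original thread and not code from the linked repository; it assumes the frozen archive directory keeps the original bucket names, and the sample names are constructed.

```python
import os
import re
import sys
from datetime import datetime, timezone

# db_<newest_epoch>_<oldest_epoch>_<local_id>[_<guid>]; rb_ marks a replicated copy.
BUCKET_RE = re.compile(
    r"^(?P<kind>db|rb)_(?P<newest>\d+)_(?P<oldest>\d+)_(?P<local_id>\d+)"
    r"(?:_(?P<guid>[0-9A-Fa-f-]{36}))?$"
)

def parse_bucket(name):
    """Return the event time span encoded in a bucket directory name, or None."""
    m = BUCKET_RE.match(name)
    if not m:
        return None  # hot buckets (hot_v1_N), stray files, etc.
    newest, oldest = int(m["newest"]), int(m["oldest"])
    if oldest > newest:
        return None  # not a plausible bucket name
    return {
        "bucket": name,
        "replicated": m["kind"] == "rb",
        "oldest": datetime.fromtimestamp(oldest, tz=timezone.utc),
        "newest": datetime.fromtimestamp(newest, tz=timezone.utc),
    }

def buckets_in_range(names, start, end):
    """Buckets whose events overlap [start, end] (timezone-aware datetimes)."""
    parsed = (parse_bucket(n) for n in names)
    hits = [b for b in parsed if b and b["oldest"] <= end and b["newest"] >= start]
    return sorted(hits, key=lambda b: b["oldest"])

# Constructed sample directory names, used when no archive path is given.
SAMPLE = [
    "db_1609459199_1606780800_12",
    "db_1612137599_1609459200_13_A1B2C3D4-0000-4000-8000-123456789ABC",
    "rb_1614556799_1612137600_14_A1B2C3D4-0000-4000-8000-123456789ABC",
    "hot_v1_15",
    "README.txt",
]

if __name__ == "__main__":
    # Usage: script.py [frozen_archive_dir]; the search window here is January 2021 UTC.
    names = os.listdir(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    start = datetime(2021, 1, 1, tzinfo=timezone.utc)
    end = datetime(2021, 1, 31, 23, 59, 59, tzinfo=timezone.utc)
    for b in buckets_in_range(names, start, end):
        print(b["bucket"], b["oldest"].isoformat(), b["newest"].isoformat())
```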