Is there a way to define a maximum size for all tsidx files generated in tsidxstats directory using tscollect command. Could find any settings in indexes.conf or any other config file. According to the documentaition it's an currently unsupported command but the PAN app uses this feature.
Sadly, no. There is no built-in support for managing the size of TSIDX files in 5.0 version of Splunk.
Seems that in software the features we need at any given time will always be implemented in a future release. 🙂
Let's release than 6.x 😉 Thanks to both of you for the comments. We'll then workaround it.
maybe there will be a way in version 6
Bluecoat App uses this as well. Would be great to have some configuration option. Even if it's not supported.
We are having issues with these files growing extra large in just a few days or even hours.