Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

/ opt / splunk / var / lib / splunk / cold

isabelcarvajal
New Member
‎06-18-2018 06:59 AM

Hello

I like you help with validate what contain the Filesystem / opt / splunk / var / lib / splunk / cold, indicator wha it is used 100%.

thanks.

0 Karma
Reply

isabelcarvajal
New Member
‎06-19-2018 05:02 AM

Hello

If / opt / splunk / var / lib / splunk / cold, the indicator is used 100%, can it cause problems in some splunk functionality?

thanks

0 Karma
Reply

PowerPacked
Builder
‎06-18-2018 09:25 AM

Hi @isabelcarvajal

/ opt / splunk / var / lib / splunk -- filesystem holds data for all indexes like _internal, _introspection,_audit, main.

in each of these indexes, the data again is arranged based on the age ----- Hot, warm, cold, thawed

db folder ----- hot &warm data
colddb ----- cold data
thaweddb ----- restore frozen data which can be searched.

Please go through these doc for more understanding.
http://docs.splunk.com/Documentation/Splunk/7.1.1/Indexer/HowSplunkstoresindexes

& aging of the data can be explained in this doc.

https://wiki.splunk.com/Deploy:BucketRotationAndRetention

thanks

Reply

isabelcarvajal
New Member
‎06-18-2018 03:05 PM

Hello, I have one Question.

If this file system can be affected the operation of splunk?

Thanks for your answer

0 Karma
Reply

PowerPacked
Builder
‎06-18-2018 07:56 PM

what do you mean by affected ?

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...