Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Splunk 7.x Quick Start Guide Gain business data insights from operational intelligence

Product type Paperback

Published in Nov 2018

Publisher Packt

ISBN-13 9781789531091

Length 298 pages

Edition 1st Edition

Tools

Splunk

Concepts

Operational Intelligence

Author (1):

James H. Baxter

View More author details

Table of Contents (12) Chapters

Preface

1. Introduction to Splunk FREE CHAPTER

2. Architecting Splunk

3. Installing and Configuring Splunk

4. Getting Data into Splunk

5. Administering Splunk Apps and Users

6. Searching with Splunk

7. Splunk Knowledge Objects

8. Splunk Reports, Dashboards, and Alerts

9. Splunk Applications

10. Advanced Splunk

11. Other Books You May Enjoy

Leave a review - let other readers know what you think

Managing Splunk Indexes

Indexes are where the data that is sent to Splunk is stored. Each index is a directory, and as we discussed in previous sections, each directory contains a subdirectory for host/warm buckets (in /db), cold buckets (in /colddb), and a datamodel_summary , and thaweddb directory, which may be empty if not used for datamodels and thawed buckets, respectively. The folder structure for Splunk's _internal index looks like this:

/opt/splunk/var/lib/splunk/_internaldb
   /colddb
   /datamodel_summary
   /db
   /thaweddb

Index buckets are the files and directories inside each of the above; for example, the /db directory will contain directories of both hot buckets (open and being written to, usually named hot_xxx), and warm buckets (closed for writing, but quickly searchable, usually named db_xxx or rb_xxx). The db_xxx buckets are those that were created on this...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (1)

James H. Baxter

James H Baxter is the owner/CEO of Machine Data Insights, Inc., a certified Splunk architect, and a developer and machine learning practitioner with over 35 years of experience in various engineering and analysis disciplines, including radio/satellite; networks; capacity and performance modelling; speech technology; packet-level analysis; programming; and Splunk architecture, administration, and machine learning solutions for companies including MCI, IBM, BP, Disney, and AMEX. James is also a private pilot and holds an Extra class amateur radio and FCC Radiotelephone license. You can reach him at LinkedIn at James H. Baxter.

See other products by James H. Baxter