Databases Reference
In-Depth Information
coldToFrozenDir = /big_slow/frozen/security
[app]
homePath = volume:large_home/app
coldPath = volume:large_cold/app
thawedPath = /big_slow/thawed/app
[chat]
homePath = volume:two_year_home/chat
coldPath = volume:two_year_cold/chat
thawedPath = /big_slow/thawed/chat
coldToFrozenDir = /big_slow/frozen/chat
[web_summary]
homePath = volume:one_year_home/web_summary
coldPath = volume:one_year_cold/web_summary
thawedPath = /big_slow/thawed/web_summary
thawedPath
cannot be defined using a volume and must be
specified for Splunk to start.
For extra protection, we specified
coldToFrozenDir
for the indexes
security
and
chat
. The buckets for these indexes will be copied to this directory before deletion,
but it is up to us to make sure the disk does not fill up. If we allow the disk to fill up,
Splunk will stop indexing until space is made available.
This is just one approach to using volumes. You could overlap in any way that
makes sense to you as long as you understand that the oldest bucket in a volume
will be frozen first, no matter what index put the bucket in that volume.
Deploying the Splunk binary
Splunk provides binary distributions for Windows and a variety of Unix operating
systems. For all Unix operating systems, a compressed tar file is provided. For some
platforms, packages are also provided.
If your organization uses packages, such as
deb
or
rpm
, you should be able to use the
provided packages in your normal deployment process. Otherwise, installation starts
by unpacking the provided tar to the location of your choice.
The process is the same whether you are installing the full version of Splunk or the
Splunk Universal Forwarder.
Search WWH ::
Custom Search