Indexes store the data you have sent to your Splunk Cloud Platform deployment. Splunk Cloud Platform administrators create indexes to organize data, apply role-based access permissions to indexes that contain relevant user data, fine-tune data, specify how long to retain data in indexes, and so on.

To manage indexes, Splunk Cloud Platform administrators can perform these tasks:

- Create, update, delete, and view properties of indexes.
- Monitor the size of data in the indexes to remain within the limits of a data plan or to identify a need to increase the data plan.
- Modify data retention settings for individual indexes to control when Splunk Cloud Platform automatically deletes data or moves it to storage.
- Optimize search performance by managing the number of indexes and the data sources that are stored in specific indexes.
- Caution: This function deletes all data from an index and removes the index. The operation is final and can't be reversed.
- Move expired data from indexes to self storage or a Splunk-supported archive (Dynamic Data Active Archive). Data from the index is not deleted until it is successfully moved to the storage location. Archived data can be restored to Splunk Cloud Platform for searching. Data from a self storage location can no longer be searched from Splunk Cloud Platform. However, it can be restored to a Splunk Enterprise instance for searching if necessary.

Events indexes, for event-based log data. Events indexes impose minimal structure and can accommodate any kind of data, including metrics data. Events indexes are the default index type. To create events indexes, see Create a Splunk Cloud Platform events index.

Metrics indexes, for metric data points. Metrics indexes use a highly structured format to handle the higher volume and lower latency demands associated with metrics data. Putting metrics data into metrics indexes results in faster performance and less use of index storage, compared to putting the same data into events indexes. To create metrics indexes, see Create a Splunk Cloud Platform metrics index. For more information about the metrics data format, see Metrics.

Consider these best practices when creating indexes:

- Create separate indexes for long-term and short-term data. For example, you might need to keep security logs for one year but web access logs for only one month. Using separate indexes, you can set different data retention times for each type of data.
- Apply logical or role-based boundaries for indexes. For example, create separate indexes for different departments.
- Devise a naming convention to easily track, navigate, and organize indexes.
- To configure your data retention settings, see the best practice listed here: Manage Data Retention Settings.

To view the Indexes page, select Settings > Indexes. The Indexes page lists the indexes in a Splunk Cloud Platform deployment and lets administrators create, update, delete, and modify the properties of indexes. To modify settings for an index, click its name.

View index details such as the following.

- Index name: The name specified when the index was created.
- Index type: Whether the index is an events index or a metrics index.
- App: The app to which the index belongs.
- Current size: The approximate amount of uncompressed raw data currently stored in the index.
- Max size: The maximum amount of uncompressed raw data (in TB, GB, or MB) that can be retained in the index.
- Event count: The number of events in the index.
- Earliest event: The time of the earliest event found in the index.