![]() Indicates if the index is properly initialized. Indicates if this is an internal index (for example, _internal, _audit). If you need to archive your data, refer to coldToFrozenDir and coldToFrozenScript parameter documentation.Īn absolute path that contains the hot and warm buckets for the index.Īn absolute filepath to the hot and warm buckets for the index. Defaults to 188697600 (6 years).įreezing data means it is removed from the index. Number of seconds after which indexed data rolls to frozen. If no index destination information is available in the input data, the index shown here is the destination of such data. The total incudes data in the home, cold and thawed paths. Total size, in MB, of data stored in the index. ![]() splunkd process always compresses raw data. See the POST parameter description for details. If both coldToFrozenDir and coldToFrozenScript are specified, coldToFrozenDir takes precedence. To thaw, unzip the zipped files and move the bucket into the thawed directory Old style buckets (Pre-4.2): gzip all the.To thaw, run splunk rebuild on the bucket, then move to the thawed directory ![]() New style buckets (4.2 and on): removes all files but the rawdata.Splunk software automatically puts frozen buckets in this directory. Used as an alternative to a coldToFrozenScript. The index that stores block signatures of events.įilepath to the cold databases for the index.ĭestination path for the frozen archive. If this is set to 0, block signing is disabled for this index. This is a global setting, not a per index setting.Ĭontrols how many events make up a block for block signatures. If enabled (set to True), degrades indexing performance. Indicates whether all data retreived from the index is proper UTF8. Pagination and filtering parameters can be used with this method. For example, introspection endpoints are not applicable to Splunk Cloud deployments. Using the REST API to access any other cluster member nodes is not supported. You can use the REST API to interact with the search head in your deployment. If you have a managed Splunk Cloud deployment with search head clustering and index clustering, the REST API supports access to the search head only. For more information about specifying a namespace, see Namespace in the REST API User Manual. Typically, knowledge objects, such as saved searches or event types, have an app/user context that is the namespace. To determine the capabilities assigned to a role, select Settings > Access controls and click Roles. To view the roles assigned to a user, select Settings > Access controls and click Users. Users with an administrative role, such as admin, can access authorization information in Splunk Web. Splunk users must have role and/or capability-based authorization to use REST endpoints. Username and password authentication is required for access to endpoints and REST operations. ![]() For more information see Access Control List in the REST API User Manual. To check Access Control List (ACL) properties for an endpoint, append /acl to the path. Usage details Review ACL information for an endpoint ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |