How Splunk Avoids Duplicate Indexing Of Logs ?

1.	How Splunk Avoids Duplicate Indexing Of Logs ?
Answer» At indexer splunk keeps track of INDEXED EVENTS in a directory called fish buckets (default location /opt/splunk/var/lib/splunk). It CONTAINS seek POINTERS and CRCs for the files you are indexing, so splunkd can tell if it has read them already. At indexer splunk keeps track of indexed events in a directory called fish buckets (default location /opt/splunk/var/lib/splunk). It contains seek pointers and CRCs for the files you are indexing, so splunkd can tell if it has read them already.

Answer»

At indexer splunk keeps track of INDEXED EVENTS in a directory called fish buckets (default location /opt/splunk/var/lib/splunk).
It CONTAINS seek POINTERS and CRCs for the files you are indexing, so splunkd can tell if it has read them already.

At indexer splunk keeps track of indexed events in a directory called fish buckets (default location /opt/splunk/var/lib/splunk).
It contains seek pointers and CRCs for the files you are indexing, so splunkd can tell if it has read them already.

Discussion

No Comment Found

Related InterviewSolutions

What Is Difference Between Splunk Sdk And Splunk Framework?
How Splunk Avoids Duplicate Indexing Of Logs ?
What Is Mapreduce Algorithm?
How Would You Handle/troubleshoot Splunk License Violation Warning Error?
If I Want Add/onboard Folder Access Logs From A Windows Machine To Splunk How Can I Add Same?
What Is Difference Between Search Head Pooling And Search Head Clustering?
What Is Dispatch Directory?
How Can I Tell When Splunk Is Finished Indexing A Log File?
How Do I Exclude Some Events From Being Indexed By Splunk?
What Is Fishbucket Or What Is Fishbucket Index?

How Splunk Avoids Duplicate Indexing Of Logs ?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment