0
votes

I have Splunk holding 3 months of log details, which get refreshed after that (we can see no history after that), but my requirement is: I need to store those log details in another folder in Splunk, which holds all the log info with history, by dumping. I'm not sure how to extract data from Splunk. Can we use any Java code or any API to extract the log data from Splunk and store it into another?

I'm new to Splunk.

2 Answers

0
votes

You need to investigate the following:

  • index retention (and for SmartStore)
  • storage availability
    • if you have an index set for 500G or 1 year, but you store 50G per day, you'll rotate at 10 days
    • if you have an index set for 500G or 1 year, but only have 400G available storage, it will rotate sooner

0
votes

In addition to the answer by @warren, look into the coldToFrozenDir and coldToFrozenScript settings in indexes.conf. These settings govern where and how data is archived rather than deleted. The data is not exported, however; it is stored in Splunk's proprietary format.
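
The checks from both answers can be run against an indexes.conf as one audit. This is an added example, not code from either answer: it estimates which limit (size cap, available disk, or age) rotates each index first and flags indexes with no coldToFrozenDir or coldToFrozenScript. The index names, paths and daily volumes are constructed; it assumes 1G = 1000 MB, that daily on-disk growth is known, and it ignores that Splunk freezes whole buckets at a time.

```python
import configparser

# Constructed sample indexes.conf fragment (index names and paths are made up).
SAMPLE_CONF = """
[app_logs]
homePath = $SPLUNK_DB/app_logs/db
coldPath = $SPLUNK_DB/app_logs/colddb
maxTotalDataSizeMB = 500000
frozenTimePeriodInSecs = 31536000

[audit_logs]
homePath = $SPLUNK_DB/audit_logs/db
coldPath = $SPLUNK_DB/audit_logs/colddb
maxTotalDataSizeMB = 500000
frozenTimePeriodInSecs = 7776000
coldToFrozenDir = /archive/splunk/audit_logs
"""

def audit_retention(conf_text, daily_mb, free_disk_mb):
    """Per index: estimated days kept, the binding limit, and whether
    frozen data is archived. daily_mb is on-disk growth per day (assumed
    known); free_disk_mb is the storage actually available to the index."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # setting names are case-sensitive
    parser.read_string(conf_text)
    report = {}
    for index in parser.sections():
        if index not in daily_mb:
            continue  # no volume estimate supplied for this index
        s = parser[index]
        # Fallbacks are the defaults documented for indexes.conf.
        size_cap = float(s.get("maxTotalDataSizeMB", 500000))
        time_days = float(s.get("frozenTimePeriodInSecs", 188697600)) / 86400
        limits = {
            "size": size_cap / daily_mb[index],
            "disk": free_disk_mb.get(index, float("inf")) / daily_mb[index],
            "time": time_days,
        }
        binding = min(limits, key=limits.get)
        report[index] = {
            "days": limits[binding],
            "limit": binding,
            "archived": "coldToFrozenDir" in s or "coldToFrozenScript" in s,
        }
    return report

if __name__ == "__main__":
    print(audit_retention(SAMPLE_CONF, {"app_logs": 50000, "audit_logs": 1000}, {"app_logs": 400000}))
```

An index reported with "archived": False deletes data when it is frozen, so its estimated days are also the full extent of history available for later investigation.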