|
|
@@ -110,6 +110,7 @@ Add `remotePath = volume:smartstore/$_index_name` to an index such as `_introspe
|
|
|
index=_internal sourcetype=splunkd TERM(action=upload)
|
|
|
| rex field=cache_id "\w+\|(?<indice>[^~]+)"
|
|
|
| stats count(eval(status=="attempting")) AS Attempting count(eval(status=="succeeded")) AS Succeeded count(eval(status=="failed")) AS Failed BY indice
|
|
|
+| addcoltotals labelfield=indice
|
|
|
```
|
|
|
|
|
|
The _introspection index should appear in the search results with values under "Attempting" and "Succeeded". If the value under "Failed" is greater than zero, check splunkd.log on one of the indexers to troubleshoot.
|
|
|
@@ -117,7 +118,11 @@ The _introspection index should appear in the search results with values under "
|
|
|
Additional Splunk Searches:
|
|
|
|
|
|
```
|
|
|
-| rest /services/admin/cacheman/_metrics | fields splunk_server migration.*
|
|
|
+| rest /services/admin/cacheman/_metrics splunk_server=*-splunk-idx-*
|
|
|
+| fields splunk_server migration.*
|
|
|
+| rename migration.* AS *
|
|
|
+| convert timeformat="%F %T %Z" ctime(start_epoch) ctime(end_epoch)
|
|
|
+| addcoltotals labelfield=splunk_server total_jobs current_job
|
|
|
```
|
|
|
|
|
|
If Splunk restarts before the migration completes, the endpoint data may not be accurate. If that happens, run:
|
Colby Williams