Trimming Down your Splunk Indexer Storage with TSIDX Retention Settings

Hi everyone.  Today I wanted to cover the tsidx retention feature that was released in Splunk version 6.4.  This feature helps you reduce the storage costs for your indexer while maintaining actively searchable data.  Also in this blog, I wanted to try a new format and convey the information in an FAQ style.  Please leave a comment if you found the new format helpful for learning about tsidx retention.

Tsidx File Fundamentals

First let's cover some fundamentals about tsidx files.

Q. What is a tsidx file?
A. Tsidx stands for "time-series index" file.  It's...
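Added example, not from the original post: the indexes.conf stanza that turns tsidx retention on for one index, as I understand the 6.4 feature. The index name and paths are made up, and the setting names should be confirmed against the indexes.conf reference for the Splunk version you run.

```ini
# indexes.conf on the indexer (or pushed from the cluster master).
# Constructed example: index name and paths are made up; setting names
# are as documented for Splunk 6.4+ and should be checked for your version.
[linux_audit]
homePath   = $SPLUNK_DB/linux_audit/db
coldPath   = $SPLUNK_DB/linux_audit/colddb
thawedPath = $SPLUNK_DB/linux_audit/thaweddb

# Buckets keep their full tsidx files for 30 days (2592000 s). After that the
# indexer reduces the bucket's tsidx files to reclaim space. The raw data in a
# reduced bucket is still searchable, but searches that have to read reduced
# buckets run noticeably slower, so size the window to cover the period you
# actually investigate interactively.
enableTsidxReduction = true
timePeriodInSecBeforeTsidxReduction = 2592000
```

Check the result before rolling it out fleet-wide: after a reduction cycle, compare bucket sizes on disk and time a search that spans the boundary, so the storage saved is weighed against the slower searches over older data.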


Splunking the Linux Audit System

For my last blog we discussed a Splunk topic geared towards the Windows side of the shop (Splunking Microsoft Windows Firewalls). So now it’s time to show some love to the Linux admins out there. More specifically, in today’s blog we will explore some tips for gaining insight into Linux audit logs using Splunk.

A little background on the Linux Audit System

The Linux Audit system provides a way to track security-relevant information on your...
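Added example, not from the original post: a parser for auditd's native log format, written to show the one property that makes audit logs awkward to search line by line. One event is written as several records (SYSCALL, EXECVE, CWD, PATH, PROCTITLE) that share the serial inside msg=audit(epoch:serial), and auditd hex-encodes any field that contains spaces or control bytes. The code groups records by serial, decodes the hex fields, and runs a simple detection over the result; the sample lines, usernames and key name are constructed.

```python
"""Group auditd records into events, decode hex fields, and flag root execs.

Added example. Sample lines below are constructed in auditd's native format,
not real captures. Field names follow the audit record format; the audit rule
key "priv-exec" is made up.
"""
import re

SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.123:4242): arch=c000003e syscall=59 success=yes exit=0 a0=55d1 a1=55d2 a2=55d3 a3=0 items=2 ppid=1000 pid=1001 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="cat" exe="/usr/bin/cat" key="priv-exec"
type=EXECVE msg=audit(1700000000.123:4242): argc=2 a0="cat" a1=2F6574632F736861646F77
type=CWD msg=audit(1700000000.123:4242): cwd="/root"
type=PATH msg=audit(1700000000.123:4242): item=0 name="/usr/bin/cat" inode=1 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=PROCTITLE msg=audit(1700000000.123:4242): proctitle=636174002F6574632F736861646F77
type=USER_LOGIN msg=audit(1700000001.500:4243): pid=2001 uid=0 auid=1000 ses=4 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=198.51.100.7 addr=198.51.100.7 terminal=/dev/pts/1 res=success'
"""

# type=<TYPE> msg=audit(<epoch.ms>:<serial>): <key=value ...>
HEADER = re.compile(r"^type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$")
# key=value where value is double-quoted, single-quoted, or a bare token
FIELD = re.compile(r"(\w+)=(\"[^\"]*\"|'[^']*'|\S+)")
# auditd writes hex-encoded strings in uppercase hex
HEX = re.compile(r"^[0-9A-F]+$")
# keys that auditd hex-encodes when the value has spaces, quotes or control bytes
HEX_KEYS = {"proctitle", "name", "cwd", "comm", "exe"}
ARG_KEY = re.compile(r"a\d+")


def decode_value(rtype, key, raw):
    """Strip quotes, or decode hex for the fields auditd is known to encode.

    SYSCALL a0..a3 are register values in lowercase hex and must not be decoded;
    only EXECVE a<N> fields are argv strings.
    """
    if raw[:1] in ('"', "'"):
        return raw[1:-1]
    decodable = key in HEX_KEYS or (rtype == "EXECVE" and ARG_KEY.fullmatch(key))
    if decodable and HEX.match(raw) and len(raw) % 2 == 0:
        # PROCTITLE separates argv entries with NUL; show them space-separated
        return bytes.fromhex(raw).decode("utf-8", "replace").replace("\x00", " ")
    return raw


def parse_record(line):
    """Return one record as a dict, or None for lines that are not audit records."""
    m = HEADER.match(line)
    if not m:
        return None
    rtype = m.group("type")
    fields = {k: decode_value(rtype, k, v) for k, v in FIELD.findall(m.group("body"))}
    return {"type": rtype, "ts": float(m.group("ts")), "serial": int(m.group("serial")), "fields": fields}


def group_events(text):
    """Group records by serial; one event may carry several PATH records."""
    events = {}
    for line in text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        ev = events.setdefault(rec["serial"], {"ts": rec["ts"], "serial": rec["serial"], "records": {}})
        ev["records"].setdefault(rec["type"], []).append(rec["fields"])
    return [events[s] for s in sorted(events)]


def execve_cmdline(ev):
    """Rebuild the command line from an event's EXECVE a0..aN fields."""
    execve = ev["records"].get("EXECVE")
    if not execve:
        return None
    f = execve[0]
    keys = sorted((k for k in f if ARG_KEY.fullmatch(k)), key=lambda k: int(k[1:]))
    return " ".join(f[k] for k in keys)


def find_root_execs_by_users(events):
    """Flag SYSCALL events run as uid 0 whose login user (auid) is not root.

    auid 4294967295 is "unset" (daemons started at boot), so it is excluded.
    """
    hits = []
    for ev in events:
        sc = ev["records"].get("SYSCALL")
        if not sc:
            continue
        f = sc[0]
        if f.get("uid") == "0" and f.get("auid") not in (None, "0", "4294967295"):
            hits.append((ev["serial"], f["auid"], execve_cmdline(ev), f.get("exe")))
    return hits


if __name__ == "__main__":
    for serial, auid, cmdline, exe in find_root_execs_by_users(group_events(SAMPLE_LOG)):
        print(f"serial={serial} auid={auid} exe={exe} cmdline={cmdline!r}")
```

The same grouping is what you want in Splunk: a field extraction for the serial inside msg=audit(...) lets a transaction or stats-by-serial search reassemble the event, and without decoding the hex fields a search for /etc/shadow will not match the EXECVE or PROCTITLE record at all.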

