Frozen Wasteland
In this post, I'd like to visit the "Siberia" of Splunk data or frozen (archived) storage. For all other types of data besides frozen, you can get insight on your Splunk data at the index and bucket level by using the "dbinspect" command or apps like "Fire Brigade." However, because frozen data "lives" outside of the world of Splunk, there's no way to get insight on that data via Splunk. Therefore, I will outline a solution for creating a scripted input to send metrics to Splunk which can then be used for reporting.
Create the...