Splunk · Schema

IndexUpdateRequest

AnalyticsData AnalysisLoggingMachine DataMonitoringObservabilityPlatformSecuritySIEM

Properties

Name Type Description
maxTotalDataSizeMB integer Maximum total size of the index in MB
frozenTimePeriodInSecs integer Seconds until data is frozen
maxHotBuckets integer Maximum number of hot buckets
maxWarmDBCount integer Maximum number of warm buckets
disabled boolean Whether to disable the index
coldToFrozenDir string Path to archive frozen buckets to. If not set, frozen data is deleted.
coldToFrozenScript string Script to run when freezing buckets
View JSON Schema on GitHub