I have contacted Splunk support and they suggested deleting the buckets in the colddb directory whose names start with numbers.
I have checked splunk/var/lib/splunk/defaultdb/colddb on that indexer and found some buckets with names starting with numbers.
33106_7F595026-B730-4182-9A8B-BD8401BFDB16
33107_7F595026-B730-4182-9A8B-BD8401BFDB16
I have to delete these buckets and restart the indexer every time for it to function normally. Every time, the same indexer goes down. I am unable to find a permanent solution for it. If anybody has faced the same problem and solved it, please provide the solution.