now browsing by tag
Written by Tags: Donovan Mitchell/FIBA World Cup/Giannis Antetokounmpo/Greece/Team USA September 7, 2019 /Sports News – Local Americans top Antetokounmpo, Greece at World Cup 69-53; Mitchell scores 10 on his birthday FacebookTwitterLinkedInEmailSHENZHEN, China (AP) — Kemba Walker scored 15 points, Donovan Mitchell scored 10 on his 23rd birthday and the U.S. contained NBA MVP Giannis Antetokounmpo, defeating Greece 69-53 in a second-round game at the World Cup on Saturday.Harrison Barnes and Derrick White each scored nine for the U.S. (4-0), which can clinch a quarterfinal berth Monday in multiple ways. It needs either a win over Brazil or a Greece win over the Czech Republic or through a three-way tiebreaker, if necessary.Antetokounmpo, the Milwaukee Bucks star and reigning NBA MVP, scored 15 points for Greece (2-2).The U.S. national team has won 57 consecutive games in international tournaments with NBA players, starting with the 2006 world championships bronze-medal game and continuing through every FIBA Americas, world championships, World Cup and Olympic event since.The streak started after a 101-95 loss to Greece in 2006 — a defeat that forced the U.S. to change its program.The Americans haven’t lost in the biggest tournaments since.“I thought we played well,” Walker said. “Stuck to the game plan.”Antetokounmpo’s eyes were closed as he mouthed along with the words of Greece’s national anthem. After the U.S. anthem played and the rosters from both sides met at midcourt for the customary pregame exchange of gifts, the NBA MVP shook hands with Bucks teammate Brook Lopez and gave him a quick hug.Other than that, there was no pregame interaction between Antetokounmpo and the Americans.He was super-aggressive from the jump, spinning his way to a layup on the first possession, making a 3-pointer on Greece’s second possession and he got fouled on a baseline drive on the next trip down the floor.So that was five points in the first 43 seconds for Antetokounmpo. He scored four in his next 18 minutes of playing time.The Americans kept a steady stream of different looks coming at the MVP — who was guarded in the first half alone by Harrison Barnes, Khris Middleton, Jaylen Brown, Marcus Smart and Myles Turner. The Celtics players, perhaps mindful of what he did against them in last season’s playoffs, held him scoreless in the half and the U.S. went into the break with a 38-25 lead.Antetokounmpo had a steal and dunk late in the third, which got plenty of fans out of their seats and Greek fans waving flags. But the outcome was never in doubt, and the MVP was on the bench for the entire fourth quarter in a somewhat puzzling move.TIP-INSU.S.: Mitchell’s birthday came a day after Joe Harris turned 28. … Smart, who has twice missed time with leg injuries this summer, slipped and fell as he chased a loose ball out of bounds with 1:11 left in the first. He stayed in the game. … The U.S. shot only 36%.Greece: The outcome came five years to the day after the Greeks were ousted by Serbia in the Round of 16 at the 2014 World Cup. … Nick Calathes became the third Florida player to be part of a loss to the U.S. this summer; Andrew Nembhard played in the Americans’ pre-World Cup win over Canada in Australia, and Scottie Wilbekin played for Turkey in its overtime loss to the U.S. in the group stage.HOLDING LEADSThrough four games, the U.S. has trailed for all of 7 minutes, 48 seconds — out of a possible 165 minutes. The Americans have led for 147:02, and games have been tied for 10:10.CLAMPING DOWNThe U.S. has held Japan and Greece to a combined 98 points in the last two games. That represents the fewest points the U.S. has allowed in consecutive games of a major international tournament since the 1988 Olympics, when the Americans gave up 92 in a two-game stretch against Egypt and Puerto Rico.UP NEXTU.S.: Face Brazil (3-1) in a second-round finale Monday in Shenzhen.Greece: Face the Czech Republic (3-1) in a second-round finale Monday in Shenzhen. Associated Press
Load remaining images The iconic Rusted Root made their way to Chattanooga, TN last weekend, playing the city’s Track 29 venue for what was certainly a great night of music. The show started with Tennessee-based band SIMO, who treated fans to a classic rock-style performance with tons of energy. Their show had fans grooving and eager for more, especially when they closed their set with a great rendition of “With A Little Help From My Friends.”Headliners Rusted Root did not disappoint, treating fans to a showcase of their biggest hits. The band included a cover of David Bowie’s “Rebel Rebel” in their setlist, and encored with their biggest hits “Send Me On My Way” and “Back To Earth.” The whole audience was left smiling after Rusted Root’s great performance!Check out a full gallery of images below, courtesy of CJ Stewart Photography.
The College of Agricultural and Environmental Sciences will honor Gale Buchanan, a former dean of the college, and longtime, influential pecan and watermelon producer Buddy Leger, as inductees into Georgia Agricultural Hall of Fame on September 14 at an induction ceremony at 6 p.m. in Athens, Ga. The Georgia Agricultural Hall of Fame was established in 1972 to recognize individuals making unusual and extraordinary contributions to agriculture and agribusiness industries in Georgia. “The Georgia Agricultural Hall of Fame provides a historical snapshot of the rich and varied history of agriculture in Georgia,” said Juli Fields, director of alumni relations for the college. “The 2012 inductees have contributed a great deal to the advancement of agriculture in this state and are excellent examples of how one individual can make a difference.” Inductees are nominated by members of the public and selected by the awards committee of the UGA College of Agricultural and Environmental Sciences Alumni Association. Those nominated must possess the following characteristics: impeccable character, outstanding leadership, having made noteworthy contributions to Georgia’s agricultural landscape and having been recognized for his or her achievements in agriculture as well as other areas. Former inductees include agricultural history makers such as former Agriculture Commissioner Tommy Irvin, Goldkist Founder D.W. Brooks, former UGA vice-president for public service J.W. Fanning and J. Phil Campbell, founding director of the Cooperative Extension Service in Georgia. Gale Buchanan, who served as dean of the College of Agricultural and Environmental Sciences from 1995 until 2005, was nominated for his multiple contributions to agricultural research, both as a peanut researcher and administrator. Buchanan grew up on a peanut farm in Madison County, Fla., where he spent many days hoeing weeds out of his parents’ peanut rows. As a young scientist, he focused on researching ways of reducing weed pressure on peanuts, using both herbicides and improved planting methods. His groundbreaking development of twin row planting in peanuts led to a dramatic decrease in the amount of herbicide farmers needed to use and a 10 to 15 percent increase in plant yield. He served as director of the UGA Coastal Plain Experiment Station in Tifton from 1986 to 1994 before coming to Athens to oversee the entire college. Leger, who has grown pecans and watermelons in Cordele since the 1960s, will be inducted in honor of his lifelong support of Georgia agriculture and his work expanding markets for some of Georgia’s top commodities — watermelons and pecans. He founded the National Watermelon Promotion Board in the 1980s to bring together watermelon producers and shippers to support the research of better watermelon varieties and growing techniques. In 1995 he spearheaded the creation of the Georgia Commodity Commission for Pecans. The group, made of pecan producers across the state, has helped pay for increased marketing of Georgia pecans, which has created a national and international market for the nuts. Leger has served on dozens of statewide policy-making and advisory boards over the last 50 years. He is the founding president of the National Watermelon Research and Promotion Board, a former president of the Georgia and National Watermelon associations, a former president of the National Pecan Marketing Council, a former president of the Georgia Pecan Growers Association and served on Governor Sonny Perdue’s Agricultural Advisory Committee, where he chaired a sub-committee on education. He currently sits on the executive council of the National Watermelon Association, the Georgia Community Rural Development Council, UGA College of Agricultural and Environmental Sciences Advisory Council and the Upper Flint Regional Water Planning Council. Anyone who would like to attend the awards banquet should visit www.caes.uga.edu/alumni . Anyone with questions about the Georgia Agricultural Hall of Fame should call (706) 542-3390.
They have already taken the Warriors to overtime twice this season, including on Monday, amid the night-long feting of Bryant.“As long as we play together with a lot of energy we can go in any night and beat any team, I feel like,” Ball said. “And I think the whole team feels like that as well.”It’s a remarkable level of swagger considering where the Lakers find themselves. Friday will conclude a wild eight days, in which they will have played two games against the Warriors and faced road tests in Cleveland and Houston.So far, the Lakers have acquitted themselves well, despite winning only one of the first three games.“I think our group just mentally is getting stronger as far as the way we go out and play,” Walton said. “We are not scared of other teams. We are up for the challenge each night and when you lose, it makes you hungrier and hungrier and I think they came out (in Houston) and said, ‘Enough was enough,’ and made plays all night long.”Kuzma said the Lakers have already learned some lessons from this stretch, including one big one.“That we can compete with people,” he said. “If we play the way we do and pay attention to details, we could’ve won every single game we played so far.“Could have beat the Warriors twice this year. Could have beat the Cavs. Beat the Rockets. We can definitely compete at a high level.”LINEUP UPDATEThe Lakers will be closer to full strength on Friday when Kentavious Caldwell-Pope is expected to return to the lineup. The 24-year-old shooting guard is temporarily restricted from leaving the state of California after pleading guilty earlier this year to allowing a person to operate his car while intoxicated.The Los Angeles Times reported Thursday that Caldwell-Pope violated his probation by failing to take required drug and alcohol screenings and is serving a 25-day sentence at a Seal Beach detention center, which he is only allowed to leave for Lakers practices and in-state games.He was not present for practice Thursday, Walton said. The Lakers signed Caldwell-Pope to a one-year, $18 million contract in July. He was suspended for the first two games of the season and subsequently missed the games in Cleveland and Houston. His sentence will also cause him to miss the Dec. 31 game at Houston as well as the Jan. 1 matchup with the Timberwolves in Minnesota.JULIUS SEETHER?A consequence of the new rotation Walton unveiled Wednesday in Houston was that Julius Randle, amid one of the best seasons of his career, saw only eight minutes of action.“I am sure he’s a little frustrated and probably he didn’t think it was fair with how well he was playing for us,” Walton said, “which is a fair point by him. But the team won.”The relationship between Randle and the Lakers was made tenuous first when Walton moved Randle to the bench in training camp and, later in October, when the front office decided not to offer him a contract extension. With the Lakers eager to shed cap space to chase LeBron James, Paul George or other elite free agents next summer, there is an assumption that the Lakers will look to trade Randle before February’s deadline.Despite playing a career-low 22.3 minutes per game, Randle is averaging 12.2 points and 6.1 rebounds and has primarily found success as a small-ball center against other team’s bench units.Then on Wednesday, he watched Kuzma start at power forward and pour in 38 points, veteran Andrew Bogut start at center and Larry Nance Jr. come off the bench for 13 points and nine rebounds.In his eight minutes against the Rockets, this was Randle’s night: four points, one rebound, two fouls, and repeatedly getting attacked by James Harden.“I talked to Julius and I didn’t anticipate the rotation going the way it did,” Walton said. “He’s been one of our better players all year long. … I don’t anticipate those being Julius’ minutes going forward.”Did that explanation appease the fourth-year big man?“He shook his head and that was kind of the end of it,” Walton said. OAKLAND — Everybody loves Kyle Kuzma.Following his 38-point outburst against the Houston Rockets on Wednesday, Kuzma watched as a flood of star athletes tweeted out their praise for the rookie out of Utah. Los Angeles Sparks star Candace Parker tweeted a reference to the “Kuzma bus,” and Seattle Seahawks cornerback Richard Sherman responded, “Been driving it.”Kobe Bryant endorsed Kuzma’s postgame comment that he expected to have this kind of success with a simple emoji: the flexed bicep.“Got some high-profile people in there,” Kuzma said after a light practice Thursday afternoon at Oracle Arena. “It was definitely cool.” Newsroom GuidelinesNews TipsContact UsReport an Error AD Quality Auto 360p 720p 1080p Top articles1/5READ MOREUCLA alum Kenny Clark signs four-year contract extension with PackersFor as picked apart as Lonzo Ball’s rookie season has been, his fellow first-rounder has largely been immune from criticism. With averages of 17.4 points and 6.6 rebounds, while shooting 50 percent from the field, Kuzma has forced his way into the NBA Rookie of the Year conversation with Philadelphia’s Ben Simmons and Utah guard Donovan Mitchell.Kuzma’s hot shooting carried into Thursday’s practice. After he made his first nine shots against the Rockets, six of them 3-pointers, Coach Luke Walton said Kuzma remained on target in the regular shooting contest he and Lonzo Ball wage against the coaches.“He started shooting left-handed at one point,” Walton grumbled. “And they still beat us.”The mood around the Lakers on Thursday was relaxed, if not outright celebratory after beating the league-leading Rockets (25-5) despite three rookies in their starting lineup.Facing the defending champion Golden State Warriors for the third time in less than a month on Friday, the Lakers (11-18) seem as confident as they have been at any point this season.
DES MOINES — Republican Senator Joni Ernst posted a short video online this (Monday) morning, challenging Democratic opponent Theresa Greenfield to half a dozen debates before the General Election.“You know, I haven’t heard Theresa Greenfield say one thing that Chuck Schumer hasn’t told her to say and that’s not what Iowans expect in a leader, so I’m challenging Miss Greenfield to six debates, two each month, starting in August,” Ernst said in the video. “Let’s let Iowans hear what we have to say.”Schumer is the Democratic leader in the U.S. Senate. A spokesman for Greenfield’s campaign said after a new poll shows Ernst trailing Greenfield, Ernst is following Senate Republican Leader Mitch McConnell’s “desperate playbook” for failing senators around the country.One of Ernst’s top advisors amplified the senator’s message on Twitter when the man who founded Iowa Starting Line commented on Ernst’s video, suggesting that “once again, a man was stepping in trying to speak for Greenfield.” Sam Newton, a spokesman for the Greenfield campaign, said Greenfield participated in three televised debates and six public forums prior to this month’s primary and looks forward to debating Ernst this fall.
TORONTO – The family of an 11-year-old Toronto girl has reportedly apologized for the “pain and anger” they caused, after the girl’s claim that a man cut her hijab turned out not to be true.“This has been a very painful experience for our family,” said the statement, first reported by the Toronto Star.“We want to thank everyone who has shown us support at this difficult time. Again, we are deeply sorry for this and want to express our sincere apologies to every Canadian.”Toronto police began investigating the alleged incident as a hate crime last Friday, after the girl said she was attacked twice on the way to school by a man who cut her hijab with scissors.The alleged incident made international headlines and drew swift public condemnation from the prime minister, Ontario’s premier and Toronto’s mayor.On Monday, police announced that their investigation was complete and the alleged incident did not happen.They said no charges would be laid.Spokesman Mark Pugash said in an interview that police weren’t prepared to discuss how the situation escalated.He stressed that it’s “very unusual” for someone to make such false allegations, and he hopes it will not discourage others from coming forward.Canadian Muslim organizations expressed similar concerns, saying they feared others who experience hate crimes may be reluctant to report them out of worry that they will not be believed.In their statement Wednesday, the girl’s family said when they heard her story, they “assumed it to be true, just like everyone else.”They added, “We only went public because we were horrified that there was such a perpetrator who may try to harm someone else.”Note to readers: This is a corrected story to clarify a comment attributed to police spokesman Mark Pugash
December 28, 2016 Growing a business sometimes requires thinking outside the box. Apple researchers have come up with an improved way to train artificial intelligence algorithms, an achievement that’s less significant for its scientific value than for the fact that it may be a sign of more Apple AI research to come.While tech giants like Facebook, Google and Microsoft have amassed considerable brainpower from AI academics and engineers and regularly advertise their findings, Apple has remained largely silent. The new algorithm training technique, detailed in a paper published last week, is Apple’s first major public contribution to artificial intelligence research. It comes two months after Carnegie Mellon professor Russ Salakhutdinov joined the company as its director of AI research, signalling a shakeup in Apple’s AI priorities.The paper itself doesn’t exactly turn heads outside of research circles: it proposes a new method of using machine learning to more efficiently train neural networks, the building blocks of artificial intelligence that are present in everything from chatbots to self-driving cars. But it is sponsored by a company that until now has kept private virtually all of its research, AI or otherwise.The shift is due in part to Salakhutdinov’s hiring. He is no stranger to the tech industry, having previously served as a Microsoft Research Faculty Fellow and picked up awards from Google and Nvidia. His background in academia, meanwhile, which prides itself on collaboration, means that he’s less likely to subscribe to traditional Apple-style secrecy.Immediately after Salakhutdinov was hired, he remarked that he was “excited” about the new position and indicated that he would be looking to hire even more AI engineers. Beefing up its AI team would put Apple in a league with some of its traditional rivals like Microsoft, as well as Facebook, which is reserving large amounts of computing power from its data centers to power its AI research. Free Webinar | Sept. 9: The Entrepreneur’s Playbook for Going Global 2 min read This story originally appeared on PCMag Register Now »
An index in Splunk is a storage pool for events, capped by size and time. By default, all events will go to the index specified by defaultDatabase, which is called main but lives in a directory called defaultdb. In this tutorial, we put focus to index structures, need of multiple indexes, how to size an index and how to manage multiple indexes in a Splunk environment. This article is an excerpt from a book written by James D. Miller titled Implementing Splunk 7 – Third Edition. Directory structure of an index Each index occupies a set of directories on the disk. By default, these directories live in $SPLUNK_DB, which, by default, is located in $SPLUNK_HOME/var/lib/splunk. Look at the following stanza for the main index: [main] homePath = $SPLUNK_DB/defaultdb/db coldPath = $SPLUNK_DB/defaultdb/colddb thawedPath = $SPLUNK_DB/defaultdb/thaweddb maxHotIdleSecs = 86400 maxHotBuckets = 10 maxDataSize = auto_high_volume If our Splunk installation lives at /opt/splunk, the index main is rooted at the path /opt/splunk/var/lib/splunk/defaultdb. To change your storage location, either modify the value of SPLUNK_DB in $SPLUNK_HOME/etc/splunk-launch.conf or set absolute paths in indexes.conf. splunk-launch.conf cannot be controlled from an app, which means it is easy to forget when adding indexers. For this reason, and for legibility, I would recommend using absolute paths in indexes.conf. The homePath directories contain index-level metadata, hot buckets, and warm buckets. coldPath contains cold buckets, which are simply warm buckets that have aged out. See the upcoming sections The lifecycle of a bucket and Sizing an index for details. When to create more indexes There are several reasons for creating additional indexes. If your needs do not meet one of these requirements, there is no need to create more indexes. In fact, multiple indexes may actually hurt performance if a single query needs to open multiple indexes. Testing data If you do not have a test environment, you can use test indexes for staging new data. This then allows you to easily recover from mistakes by dropping the test index. Since Splunk will run on a desktop, it is probably best to test new configurations locally, if possible. Differing longevity It may be the case that you need more history for some source types than others. The classic example here is security logs, as compared to web access logs. You may need to keep security logs for a year or more, but need the web access logs for only a couple of weeks. If these two source types are left in the same index, security events will be stored in the same buckets as web access logs and will age out together. To split these events up, you need to perform the following steps: Create a new index called security, for instance Define different settings for the security index Update inputs.conf to use the new index for security source types For one year, you might make an indexes.conf setting such as this: [security] homePath = $SPLUNK_DB/security/db coldPath = $SPLUNK_DB/security/colddb thawedPath = $SPLUNK_DB/security/thaweddb #one year in seconds frozenTimePeriodInSecs = 31536000 For extra protection, you should also set maxTotalDataSizeMB, and possibly coldToFrozenDir. If you have multiple indexes that should age together, or if you will split homePath and coldPath across devices, you should use volumes. See the upcoming section, Using volumes to manage multiple indexes, for more information. Then, in inputs.conf, you simply need to add an index to the appropriate stanza as follows: [monitor:///path/to/security/logs/logins.log] sourcetype=logins index=security Differing permissions If some data should only be seen by a specific set of users, the most effective way to limit access is to place this data in a different index, and then limit access to that index by using a role. The steps to accomplish this are essentially as follows: Define the new index. Configure inputs.conf or transforms.conf to send these events to the new index. Ensure that the user role does not have access to the new index. Create a new role that has access to the new index. Add specific users to this new role. If you are using LDAP authentication, you will need to map the role to an LDAP group and add users to that LDAP group. To route very specific events to this new index, assuming you created an index called sensitive, you can create a transform as follows: [contains_password] REGEX = (?i)password[=:] DEST_KEY = _MetaData:Index FORMAT = sensitive You would then wire this transform to a particular sourcetype or source index in props.conf. Using more indexes to increase performance Placing different source types in different indexes can help increase performance if those source types are not queried together. The disks will spend less time seeking when accessing the source type in question. If you have access to multiple storage devices, placing indexes on different devices can help increase the performance even more by taking advantage of different hardware for different queries. Likewise, placing homePath and coldPath on different devices can help performance. However, if you regularly run queries that use multiple source types, splitting those source types across indexes may actually hurt performance. For example, let’s imagine you have two source types called web_access and web_error. We have the following line in web_access: 2012-10-19 12:53:20 code=500 session=abcdefg url=/path/to/app And we have the following line in web_error: 2012-10-19 12:53:20 session=abcdefg class=LoginClass If we want to combine these results, we could run a query like the following: (sourcetype=web_access code=500) OR sourcetype=web_error | transaction maxspan=2s session | top url class If web_access and web_error are stored in different indexes, this query will need to access twice as many buckets and will essentially take twice as long. The life cycle of a bucket An index is made up of buckets, which go through a specific life cycle. Each bucket contains events from a particular period of time. The stages of this lifecycle are hot, warm, cold, frozen, and thawed. The only practical difference between hot and other buckets is that a hot bucket is being written to, and has not necessarily been optimized. These stages live in different places on the disk and are controlled by different settings in indexes.conf: homePath contains as many hot buckets as the integer value of maxHotBuckets, and as many warm buckets as the integer value of maxWarmDBCount. When a hot bucket rolls, it becomes a warm bucket. When there are too many warm buckets, the oldest warm bucket becomes a cold bucket. Do not set maxHotBuckets too low. If your data is not parsing perfectly, dates that parse incorrectly will produce buckets with very large time spans. As more buckets are created, these buckets will overlap, which means all buckets will have to be queried every time, and performance will suffer dramatically. A value of five or more is safe. coldPath contains cold buckets, which are warm buckets that have rolled out of homePath once there are more warm buckets than the value of maxWarmDBCount. If coldPath is on the same device, only a move is required; otherwise, a copy is required. Once the values of frozenTimePeriodInSecs, maxTotalDataSizeMB, or maxVolumeDataSizeMB are reached, the oldest bucket will be frozen. By default, frozen means deleted. You can change this behavior by specifying either of the following: coldToFrozenDir: This lets you specify a location to move the buckets once they have aged out. The index files will be deleted, and only the compressed raw data will be kept. This essentially cuts the disk usage by half. This location is unmanaged, so it is up to you to watch your disk usage. coldToFrozenScript: This lets you specify a script to perform some action when the bucket is frozen. The script is handed the path to the bucket that is about to be frozen. thawedPath can contain buckets that have been restored. These buckets are not managed by Splunk and are not included in all time searches. To search these buckets, their time range must be included explicitly in your search. I have never actually used this directory. Search https://splunk.com for restore archived to learn the procedures. Sizing an index To estimate how much disk space is needed for an index, use the following formula: (gigabytes per day) * .5 * (days of retention desired) Likewise, to determine how many days you can store an index, the formula is essentially: (device size in gigabytes) / ( (gigabytes per day) * .5 ) The .5 represents a conservative compression ratio. The log data itself is usually compressed to 10 percent of its original size. The index files necessary to speed up search brings the size of a bucket closer to 50 percent of the original size, though it is usually smaller than this. If you plan to split your buckets across devices, the math gets more complicated unless you use volumes. Without using volumes, the math is as follows: homePath = (maxWarmDBCount + maxHotBuckets) * maxDataSize coldPath = maxTotalDataSizeMB – homePath For example, say we are given these settings: [myindex] homePath = /splunkdata_home/myindex/db coldPath = /splunkdata_cold/myindex/colddb thawedPath = /splunkdata_cold/myindex/thaweddb maxWarmDBCount = 50 maxHotBuckets = 6 maxDataSize = auto_high_volume #10GB on 64-bit systems maxTotalDataSizeMB = 2000000 Filling in the preceding formula, we get these values: homePath = (50 warm + 6 hot) * 10240 MB = 573440 MB coldPath = 2000000 MB – homePath = 1426560 MB If we use volumes, this gets simpler and we can simply set the volume sizes to our available space and let Splunk do the math. Using volumes to manage multiple indexes Volumes combine pools of storage across different indexes so that they age out together. Let’s make up a scenario where we have five indexes and three storage devices. The indexes are as follows: Name Data per day Retention required Storage needed web 50 GB no requirement ? security 1 GB 2 years 730 GB * 50 percent app 10 GB no requirement ? chat 2 GB 2 years 1,460 GB * 50 percent web_summary 1 GB 1 years 365 GB * 50 percent Now let’s say we have three storage devices to work with, mentioned in the following table: Name Size small_fast 500 GB big_fast 1,000 GB big_slow 5,000 GB We can create volumes based on the retention time needed. Security and chat share the same retention requirements, so we can place them in the same volumes. We want our hot buckets on our fast devices, so let’s start there with the following configuration: [volume:two_year_home] #security and chat home storage path = /small_fast/two_year_home maxVolumeDataSizeMB = 300000 [volume:one_year_home] #web_summary home storage path = /small_fast/one_year_home maxVolumeDataSizeMB = 150000 For the rest of the space needed by these indexes, we will create companion volume definitions on big_slow, as follows: [volume:two_year_cold] #security and chat cold storage path = /big_slow/two_year_cold maxVolumeDataSizeMB = 850000 #([security]+[chat])*1024 – 300000 [volume:one_year_cold] #web_summary cold storage path = /big_slow/one_year_cold maxVolumeDataSizeMB = 230000 #[web_summary]*1024 – 150000 Now for our remaining indexes, whose timeframe is not important, we will use big_fast and the remainder of big_slow, like so: [volume:large_home] #web and app home storage path = /big_fast/large_home maxVolumeDataSizeMB = 900000 #leaving 10% for pad [volume:large_cold] #web and app cold storage path = /big_slow/large_cold maxVolumeDataSizeMB = 3700000 #(big_slow – two_year_cold – one_year_cold)*.9 Given that the sum of large_home and large_cold is 4,600,000 MB, and a combined daily volume of web and app is 60,000 MB approximately, we should retain approximately 153 days of web and app logs with 50 percent compression. In reality, the number of days retained will probably be larger. With our volumes defined, we now have to reference them in our index definitions: [web] homePath = volume:large_home/web coldPath = volume:large_cold/web thawedPath = /big_slow/thawed/web [security] homePath = volume:two_year_home/security coldPath = volume:two_year_cold/security thawedPath = /big_slow/thawed/security coldToFrozenDir = /big_slow/frozen/security [app] homePath = volume:large_home/app coldPath = volume:large_cold/app thawedPath = /big_slow/thawed/app [chat] homePath = volume:two_year_home/chat coldPath = volume:two_year_cold/chat thawedPath = /big_slow/thawed/chat coldToFrozenDir = /big_slow/frozen/chat [web_summary] homePath = volume:one_year_home/web_summary coldPath = volume:one_year_cold/web_summary thawedPath = /big_slow/thawed/web_summary thawedPath cannot be defined using a volume and must be specified for Splunk to start. For extra protection, we specified coldToFrozenDir for the indexes’ security and chat. The buckets for these indexes will be copied to this directory before deletion, but it is up to us to make sure that the disk does not fill up. If we allow the disk to fill up, Splunk will stop indexing until space is made available. This is just one approach to using volumes. You could overlap in any way that makes sense to you, as long as you understand that the oldest bucket in a volume will be frozen first, no matter what index put the bucket in that volume. With this, we learned to operate multiple indexes and how we can get effective business intelligence out of the data without hurting system performance. If you found this tutorial useful, do check out the book Implementing Splunk 7 – Third Edition and start creating advanced Splunk dashboards. Read Next: Splunk leverages AI in its monitoring tools Splunk’s Input Methods and Data Feeds Splunk Industrial Asset Intelligence (Splunk IAI) targets Industrial IoT marketplace