A time-series index file. Splunk creates tsidx files as it indexes raw time-series data; it places them in a compressed file alongside the raw data broken into events based on timestamps. The tsidx files are a kind of "lexicon file" in that they are a register of all of the keywords in your data (error codes, response times, and so on), where each keyword is paired with a set of location references to the raw data events that use that keyword. When you run a search, Splunk searches the tsidx files for the keywords and retrieves the associated events from the referenced raw data file.
As Splunk indexes your data over time, it creates multiple tsidx files. These files are appended with .tsidx and are archived in buckets alongside corresponding .data (raw data) files.
Splunk uses bloom filters to speed up searches; they narrow down the set of tsidx files that Splunk must search to get accurate results.
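The following added example is a conceptual model of the lookup described above, not Splunk's code or its on-disk format: each toy bucket holds raw events, a lexicon pairing every keyword with the positions of the events that use it, and a bloom filter that lets a search skip buckets that cannot match. The names Bloom, Bucket and search, the one-filter-per-bucket layout and the sample events are all assumptions made for illustration.

```python
import hashlib
import re

class Bloom:
    """Fixed-size bloom filter: false positives possible, false negatives not."""
    def __init__(self, bits=4096, hashes=3):
        self.bits, self.hashes, self.field = bits, hashes, 0

    def _positions(self, term):
        for i in range(self.hashes):
            digest = hashlib.sha256(f"{i}:{term}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.bits

    def add(self, term):
        for p in self._positions(term):
            self.field |= 1 << p

    def might_contain(self, term):
        return all((self.field >> p) & 1 for p in self._positions(term))

class Bucket:
    """Toy bucket: raw events plus a lexicon of keyword -> event positions."""
    def __init__(self, name, events):
        self.name, self.raw = name, list(events)
        self.lexicon, self.bloom = {}, Bloom()
        for pos, event in enumerate(self.raw):
            for term in set(re.findall(r"\w+", event.lower())):
                self.lexicon.setdefault(term, []).append(pos)
                self.bloom.add(term)

def search(buckets, keyword):
    """Return (matching events, names of buckets whose lexicon was opened)."""
    keyword, hits, opened = keyword.lower(), [], []
    for b in buckets:
        if not b.bloom.might_contain(keyword):
            continue  # filter rules the bucket out; its lexicon is never read
        opened.append(b.name)
        hits += [b.raw[pos] for pos in b.lexicon.get(keyword, [])]
    return hits, opened

# Constructed sample events, not real log data.
BUCKETS = [
    Bucket("bucket_a", ["GET /login status=200 rt=12", "GET /admin status=403 rt=8"]),
    Bucket("bucket_b", ["POST /api status=500 error=E1042", "GET /health status=200 rt=3"]),
]

if __name__ == "__main__":
    print(search(BUCKETS, "E1042"))
```
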