All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to move the index database and remove the old directory?

ryoji_solsys
Explorer
‎08-21-2014 08:17 PM

I would like to move the entire index database from "/opt/splunk/var/lib/splunk" to "/opt/splunk/var/lib/splunkdb" which is a new mount point.
I followed the direction from the documentation except I used rsync instead of cp.
It seems that everything works except when I remove the "/opt/splunk/var/lib/splunk" directory (the old index database), and restart splunk, it will add the "/opt/splunk/var/lib/splunk" directory back again. And that directory ("/opt/splunk/var/lib/splunk") contains .dat files and persistentstorage.
I would like to permanently remove the directory and only use the new mount point, "/opt/splunk/var/lib/splunkdb".
Would anyone please help me why splunk keeps adding the old directory back again, and what I can do to prevent this to happen again so that I can only use the new mount point.

Thanks

Tags (3)
0 Karma
Reply

esix_splunk
Splunk Employee
Splunk Employee
‎02-08-2015 08:21 AM

Check your configurations for that index via btool-

splunk btool indexes list myindexname --debug

That will show you all configurations applied to that index. You might have some left over configuration in there.

0 Karma
Reply

ankireddy007
Path Finder
‎08-21-2014 10:50 PM

You cab change path to indexes in Settings>>System settings » General settings

alt text

So that future indexed data will be stored to new location.
Splunk original directory structure remains same. It won't harm you

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎08-22-2014 02:22 AM

As a precaution, make sure all indexes.conf stanzas actually do use $SPLUNK_DB and not an absolute fixed path to the old location.

Reply

musskopf
Builder
‎08-21-2014 11:06 PM

Sounds to be a bug or need to change an undocumented variable. Meanwhile just create a symblink 🙂

0 Karma
Reply

ryoji_solsys
Explorer
‎08-21-2014 11:02 PM

I confirmed that the path to indexes is correctly configured as "/opt/splunk/var/lib/splunkdb" which is the new mount point and new data is indexed there. The problem is that I cannot figure out why splunk keeps generating .dat files and persistentstorage in the old directory (splunk)although SPLUNK_DB is now pointing to the new directory(splunkdb).

0 Karma
Reply

DotTest37
Path Finder
‎02-07-2015 11:50 AM

Im having exactly the same problem.
How did you fix that?

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...