I am getting this message, when I start splunk (version 4.2):
'You are low in disk space on partition "/opt/splunk/var/lib/splunk/audit/db". Indexing has been paused. Will resume when free disk space rises above 200MB.'
It seems like some unnecessary duplicate files are being created in the folder: /opt/splunk/var/log/splunk which is affecting the disk space. For example: metrics.log1, metrics.log2, etc, splunkd_access.log1, splunkd_access.log2, etc. After I delete these extra files, I get my splunk working correctly without these error message. I was wondering if there was some configuration or setting somewhere where I could switch of ( stop) writing to these redundant files, so that it would not create these extra files.
... View more