Getting Data In

Can we delete the Splunk internal log files which are running in the path /opt/splunk/var/log/splunk?

Kaushikkatta03
Explorer

We have a storage outage in one of our client's Splunk servers. Can we delete the internal logs?

0 Karma

muebel
SplunkTrust
SplunkTrust

Hi kaushikkatta03, you can probably delete any of the rotated logs (those that end with .1 , .2 etc.). If the environment is functioning correctly, you should expect those logs to already be indexed in Splunk, and so will be available there.

If possible, you should tarball the logs up and move them to some other area where you have enough space. With that being said, deleting the rotated logs won't have any impact on the system's performance, and so you should be able to do that.

Please let me know if this answers your question!

0 Karma

ddrillic
Ultra Champion

Right.

-rw-------. 1 splnkprd dce 25000131 Apr 13 08:06 metrics.log.2
-rw-------. 1 splnkprd dce 25000228 Apr 13 10:29 audit.log.1
-rw-------. 1 splnkprd dce 25000250 Apr 13 13:40 splunkd_access.log.1
-rw-------. 1 splnkprd dce 25000472 Apr 13 18:10 splunkd_ui_access.log.1
-rw-------. 1 splnkprd dce 25000123 Apr 13 21:15 metrics.log.1

They are probably very safe to delete.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...