Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to edit my index to change the cold path?

stcrispan
Communicator
‎04-25-2019 09:58 AM

We just got done adding another 6T to our Splunk server. We'd planned to create another directory under $SPLUNK_DB, and then change all the indexes' Cold Path to include that new directory in the path.

However, when I went to change the Cold Path, I found I was unable to change it.

How do I change the cold path?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎04-25-2019 10:15 AM

Hi stcrispan,
as described at https://docs.splunk.com/Documentation/Splunk/7.2.6/Indexer/Moveanindex you have to follow these items:

  • create a new directory on the new storage,
  • modify the indexes.conf file where your index is setted inserting the new path for colddb;
  • stop splunk,
  • if there are some data on your colddb copy them in the new location,
  • restart Splunk.

Remember to use an absolute path for the new location.
Otherwise, before restarting your Splunk, you have to repeat the previous process for all the indexes you have and then change DB_PATH variable in $SPLUNK_HOME/etc/splunk-launch.conf.

In this way, your indexes are addressed to the new location.

Bye.
Giuseppe

View solution in original post

Reply
Solved! Jump to solution

stcrispan
Communicator
‎04-25-2019 11:09 AM

Thank you!

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎04-25-2019 10:15 AM

Hi stcrispan,
as described at https://docs.splunk.com/Documentation/Splunk/7.2.6/Indexer/Moveanindex you have to follow these items:

  • create a new directory on the new storage,
  • modify the indexes.conf file where your index is setted inserting the new path for colddb;
  • stop splunk,
  • if there are some data on your colddb copy them in the new location,
  • restart Splunk.

Remember to use an absolute path for the new location.
Otherwise, before restarting your Splunk, you have to repeat the previous process for all the indexes you have and then change DB_PATH variable in $SPLUNK_HOME/etc/splunk-launch.conf.

In this way, your indexes are addressed to the new location.

Bye.
Giuseppe

Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...