Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Temporary relocating the dispatch folder.

agodoy
Communicator
‎05-02-2013 10:47 AM

I am trying to move a massive amount of events from the main index to a dedicated index for the sourcetype. I am trying to do this by running a search and ...|collect index=dedicated index sourcetype=abc.

However, it seems like since the dispatch folder is on my / partition I am running out of space. I would like to temporarily move the folder to the same partitions that hosts the indexes since I have plenty of storage.

Any ideas on how to tackle this one?

Thanks

Tags (1)
0 Karma
Reply

agodoy
Communicator
‎05-03-2013 12:35 PM

The folder does not have much. I really would suck to do it 1 day at a time for the last 6 months.

Can I rename the main index and then creat another main index or would that mess with Splunk?

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎05-03-2013 12:41 PM

As long as the index is defined in indexes.conf, you can move and rename it.
So yes.

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎05-03-2013 08:41 AM

Why not emptying the dispatch folder instead,
Or run your searches over a smaller time range ?

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...