Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Temporary relocating the dispatch folder.

agodoy
Communicator
‎05-02-2013 10:47 AM

I am trying to move a massive amount of events from the main index to a dedicated index for the sourcetype. I am trying to do this by running a search and ...|collect index=dedicated index sourcetype=abc.

However, it seems like since the dispatch folder is on my / partition I am running out of space. I would like to temporarily move the folder to the same partitions that hosts the indexes since I have plenty of storage.

Any ideas on how to tackle this one?

Thanks

Tags (1)
0 Karma
Reply

agodoy
Communicator
‎05-03-2013 12:35 PM

The folder does not have much. I really would suck to do it 1 day at a time for the last 6 months.

Can I rename the main index and then creat another main index or would that mess with Splunk?

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎05-03-2013 12:41 PM

As long as the index is defined in indexes.conf, you can move and rename it.
So yes.

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎05-03-2013 08:41 AM

Why not emptying the dispatch folder instead,
Or run your searches over a smaller time range ?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...