Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Setting different Locations for Home and Cold storage

mookiie2005
Communicator
‎06-28-2013 08:15 AM

We are trying to set two separate locations to store hot/warm and cold indexes. We see the $splunk_db field value in the splunk-launch.conf file currently it is set to SPLUNK_DB=E:\Splunkdata\Indexes. So for a entry in indexes.conf could we do the following:

Current Setting:

[akamai]
coldPath=$SPLUNK_DB\akamai\colddb
homePath=$SPLUNK_DB\akamai\db
thawedPath=$SPLUNK_DB\akamai\thaweddb
frozenTimePeriodInSecs=7776000

What we hope to do:

[akamai]
coldPath=F:\Splunkdata\Indexes\akamai\colddb
homePath=E:\Splunkdata\Indexes\akamai\db
thawedPath=$SPLUNK_DB\akamai\thaweddb
frozenTimePeriodInSecs=7776000

we want to store the home path on dedicated storage on drive E and the cold on SAN storage drive F. Is the above possible?

Alternatively could we set something like the below up in splunk-launch.conf:

SPLUNK_DB=E:\Splunkdata\Indexes
SPLUNK_DB_01=F:\Splunkdata\Indexes

and in indexes.conf have the following:

[akamai]
coldPath=$SPLUNK_DB_01\akamai\colddb
homePath=$SPLUNK_DB\akamai\db
thawedPath=$SPLUNK_DB\akamai\thaweddb
frozenTimePeriodInSecs=7776000

Is either of these two methods possible? Is one recommended?

Tags (3)
0 Karma
Reply

aholzer
Motivator
‎06-28-2013 10:41 AM

yes that's what I meant. Currently your paths just show up as one long string with no way of telling where they are new sub-directories.

Example:
you have: thawedPath=$SPLUNK_DBakamaithaweddb
I'm guessing it should be: thawedPath=$SPLUNK_DB\/akamai\/thaweddb

0 Karma
Reply

mookiie2005
Communicator
‎06-28-2013 10:02 AM

What do you mean "escape" the slashes like "/" or do you mean something else?

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎06-28-2013 09:54 AM

In general, putting hot/warm and cold on two different storage volumes is possible and fairly common. You could say that's a main purpose of having warm and cold separated.

I'm not 100% certain whether Splunk will recognize custom additional variables or not, just give it a shot with a temporary testing index. If that works then you should use the variable to simplify changes.

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎06-28-2013 10:04 AM

A fully qualified path will always work, you should test using a second variable though if you expect a large number of settings to be based on that. Otherwise you will have maintenance hell down the road.

0 Karma
Reply

mookiie2005
Communicator
‎06-28-2013 10:00 AM

Yes but how do we do that? Can we just use the fully qualified path to the directory?

0 Karma
Reply

aholzer
Motivator
‎06-28-2013 08:30 AM

You may want to edit your question and escape your slashes so that they appear in your post and make your configurations much more readable

0 Karma
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...