All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to move the index database and remove the old directory?

ryoji_solsys
Explorer
‎08-21-2014 08:17 PM

I would like to move the entire index database from "/opt/splunk/var/lib/splunk" to "/opt/splunk/var/lib/splunkdb" which is a new mount point.
I followed the direction from the documentation except I used rsync instead of cp.
It seems that everything works except when I remove the "/opt/splunk/var/lib/splunk" directory (the old index database), and restart splunk, it will add the "/opt/splunk/var/lib/splunk" directory back again. And that directory ("/opt/splunk/var/lib/splunk") contains .dat files and persistentstorage.
I would like to permanently remove the directory and only use the new mount point, "/opt/splunk/var/lib/splunkdb".
Would anyone please help me why splunk keeps adding the old directory back again, and what I can do to prevent this to happen again so that I can only use the new mount point.

Thanks

Tags (3)
0 Karma
Reply

esix_splunk
Splunk Employee
Splunk Employee
‎02-08-2015 08:21 AM

Check your configurations for that index via btool-

splunk btool indexes list myindexname --debug

That will show you all configurations applied to that index. You might have some left over configuration in there.

0 Karma
Reply

ankireddy007
Path Finder
‎08-21-2014 10:50 PM

You cab change path to indexes in Settings>>System settings » General settings

alt text

So that future indexed data will be stored to new location.
Splunk original directory structure remains same. It won't harm you

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎08-22-2014 02:22 AM

As a precaution, make sure all indexes.conf stanzas actually do use $SPLUNK_DB and not an absolute fixed path to the old location.

Reply

musskopf
Builder
‎08-21-2014 11:06 PM

Sounds to be a bug or need to change an undocumented variable. Meanwhile just create a symblink 🙂

0 Karma
Reply

ryoji_solsys
Explorer
‎08-21-2014 11:02 PM

I confirmed that the path to indexes is correctly configured as "/opt/splunk/var/lib/splunkdb" which is the new mount point and new data is indexed there. The problem is that I cannot figure out why splunk keeps generating .dat files and persistentstorage in the old directory (splunk)although SPLUNK_DB is now pointing to the new directory(splunkdb).

0 Karma
Reply

DotTest37
Path Finder
‎02-07-2015 11:50 AM

Im having exactly the same problem.
How did you fix that?

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...