All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to move the index database and remove the old directory?

ryoji_solsys
Explorer
‎08-21-2014 08:17 PM

I would like to move the entire index database from "/opt/splunk/var/lib/splunk" to "/opt/splunk/var/lib/splunkdb" which is a new mount point.
I followed the direction from the documentation except I used rsync instead of cp.
It seems that everything works except when I remove the "/opt/splunk/var/lib/splunk" directory (the old index database), and restart splunk, it will add the "/opt/splunk/var/lib/splunk" directory back again. And that directory ("/opt/splunk/var/lib/splunk") contains .dat files and persistentstorage.
I would like to permanently remove the directory and only use the new mount point, "/opt/splunk/var/lib/splunkdb".
Would anyone please help me why splunk keeps adding the old directory back again, and what I can do to prevent this to happen again so that I can only use the new mount point.

Thanks

Tags (3)
0 Karma
Reply

esix_splunk
Splunk Employee
Splunk Employee
‎02-08-2015 08:21 AM

Check your configurations for that index via btool-

splunk btool indexes list myindexname --debug

That will show you all configurations applied to that index. You might have some left over configuration in there.

0 Karma
Reply

ankireddy007
Path Finder
‎08-21-2014 10:50 PM

You cab change path to indexes in Settings>>System settings » General settings

alt text

So that future indexed data will be stored to new location.
Splunk original directory structure remains same. It won't harm you

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎08-22-2014 02:22 AM

As a precaution, make sure all indexes.conf stanzas actually do use $SPLUNK_DB and not an absolute fixed path to the old location.

Reply

musskopf
Builder
‎08-21-2014 11:06 PM

Sounds to be a bug or need to change an undocumented variable. Meanwhile just create a symblink 🙂

0 Karma
Reply

ryoji_solsys
Explorer
‎08-21-2014 11:02 PM

I confirmed that the path to indexes is correctly configured as "/opt/splunk/var/lib/splunkdb" which is the new mount point and new data is indexed there. The problem is that I cannot figure out why splunk keeps generating .dat files and persistentstorage in the old directory (splunk)although SPLUNK_DB is now pointing to the new directory(splunkdb).

0 Karma
Reply

DotTest37
Path Finder
‎02-07-2015 11:50 AM

Im having exactly the same problem.
How did you fix that?

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...