How to move the index database and remove the old directory?

ryoji_solsys
Explorer

I would like to move the entire index database from "/opt/splunk/var/lib/splunk" to "/opt/splunk/var/lib/splunkdb" which is a new mount point.
I followed the directions from the documentation, except I used rsync instead of cp.
It seems that everything works except when I remove the "/opt/splunk/var/lib/splunk" directory (the old index database), and restart splunk, it will add the "/opt/splunk/var/lib/splunk" directory back again. And that directory ("/opt/splunk/var/lib/splunk") contains .dat files and persistentstorage.
I would like to permanently remove the directory and only use the new mount point, "/opt/splunk/var/lib/splunkdb".
Would anyone please help me understand why Splunk keeps adding the old directory back again, and what I can do to prevent this from happening again, so that I can use only the new mount point?

Thanks

0 Karma

esix_splunk
Splunk Employee

Check your configurations for that index via btool:

splunk btool indexes list myindexname --debug

That will show you all configurations applied to that index. You might have some left over configuration in there.

0 Karma

ankireddy007
Path Finder

You can change the path to indexes in Settings » System settings » General settings

So that future indexed data will be stored in the new location.
Splunk's original directory structure remains the same. It won't harm you.

0 Karma

martin_mueller
SplunkTrust

As a precaution, make sure all indexes.conf stanzas actually do use $SPLUNK_DB and not an absolute fixed path to the old location.
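
One way to combine the two checks suggested above (the btool listing and the $SPLUNK_DB precaution), as an added example that is not part of any poster's reply. The function names, the sample lines and the "myapp" app path are constructed for illustration; the old directory and "myindexname" are taken from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): flag index path settings that still
# hard-code the old location instead of using $SPLUNK_DB.
# Real use:  splunk btool indexes list --debug | find_old_paths "$OLD_DB"

OLD_DB="/opt/splunk/var/lib/splunk"   # old directory named in the question

# Reads `btool ... --debug` lines ("<conf file> <setting> = <value>") on stdin
# and prints "<conf file> <stanza> <setting>=<value>" for each offending path.
find_old_paths() {
    awk -v old="$1" '
        $2 ~ /^\[/ { stanza = $2; next }          # remember the current stanza
        $2 ~ /^(homePath|coldPath|thawedPath|tstatsHomePath|summaryHomePath|bloomHomePath|path)$/ && $3 == "=" {
            value = $4                            # assumes paths without spaces
            # Match the old directory itself or anything below it, but not a
            # sibling such as .../splunkdb that merely shares the prefix.
            if (value == old || index(value, old "/") == 1)
                printf "%s %s %s=%s\n", $1, stanza, $2, value
        }
    '
}

# Constructed sample of btool --debug output; "myapp" is a hypothetical app.
sample_btool_output() {
    cat <<'EOF'
/opt/splunk/etc/system/default/indexes.conf [main]
/opt/splunk/etc/system/default/indexes.conf homePath = $SPLUNK_DB/defaultdb/db
/opt/splunk/etc/system/default/indexes.conf coldPath = $SPLUNK_DB/defaultdb/colddb
/opt/splunk/etc/apps/myapp/local/indexes.conf [myindexname]
/opt/splunk/etc/apps/myapp/local/indexes.conf homePath = /opt/splunk/var/lib/splunk/myindexname/db
/opt/splunk/etc/apps/myapp/local/indexes.conf coldPath = /opt/splunk/var/lib/splunkdb/myindexname/colddb
/opt/splunk/etc/apps/myapp/local/indexes.conf thawedPath = $SPLUNK_DB/myindexname/thaweddb
EOF
}

sample_btool_output | find_old_paths "$OLD_DB"
```

Any line it prints names the conf file that still needs editing; no output means every listed path setting either uses $SPLUNK_DB or points somewhere other than the old directory.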

musskopf
Builder

Sounds to be a bug or need to change an undocumented variable. Meanwhile just create a symlink 🙂

0 Karma

ryoji_solsys
Explorer

I confirmed that the path to indexes is correctly configured as "/opt/splunk/var/lib/splunkdb", which is the new mount point, and new data is indexed there. The problem is that I cannot figure out why Splunk keeps generating .dat files and persistentstorage in the old directory (splunk) although SPLUNK_DB is now pointing to the new directory (splunkdb).

0 Karma

DotTest37
Path Finder

I'm having exactly the same problem.
How did you fix that?

0 Karma