Warm Databases not moving to cold database locatio...

esanz07 · ‎07-26-2010

I modified $SPLUNK_HOME/etc/system/local/indexes.conf for the specific index to keep only 10 warm databases; however, it is not working as I have over 160 warm databases in my local disk under the "db" directory.

Is this the incorrect file?

Configuration as follows:

[serverlogs]
coldPath = /mnt/splunk_data/serverlogs_01/colddb
homePath = /splunk_data/serverlogs/db
thawedPath = /mnt/splunk_data/serverlogs_01/thaweddb
maxWarmDBCount = 10

Version: 4.1.3

gkanapathy · ‎08-20-2010

Does Splunk have permissions or any problems writing to the coldPath? Also, are there any indications in splunkd.log of any problems (or successes) rolling the warm buckets?

esanz07 · ‎07-26-2010

Yes; several times.

The changes were made several restarts ago.

Any other ideas?

Genti · ‎07-26-2010

did you restart the server once you changed the configuration?

Warm Databases not moving to cold database location

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Join the Conversation