Small correction on the path of rising column file... it is at: $SPLUNK_DB/modinputs/server/splunk_app_db_connect folder/YourInputName

by default, $SPLUNK_DB points to $SPLUNK_HOME/var/lib/splunk
by default, $SPLUNK_HOME points to /opt/splunk
.....but not always.
By the way, you can change the path of $SPLUNK_DB variable in your splunk-launch.conf file

@pmalcakdoj, our paths point to the same directory.. yours is just shorter

When splunk releases newer version, I backup/archive the entire $SPLUNK_HOME path before I perform the upgrade. The size of that archive gets out of hand rather quickly if you don't change your $SPLUNK_DB path. With default settings, you will be zipping up all of your indexes every time you do this since indexes are located inside the $SPLUNK_HOME by default.

I pointed my $SPLUNK_DB to be outside of splunk installation. This has several benefits:
- my $SPLUNK_HOME zip files are 700MB (as opposed to several TB due to size of my indexes)
- you can store your indexes on separate mount point (HDD for OS, SSD for splunk indexes)
- you can have indexes at the root of the partition instead of buried many folders deep (on Windows, path length is limited)

Your path will not work for people that have changed the $SPLUNK_DB location.
Mine is more accurate

You can manipulate the Checkpoint Value from Web or CLI (in the corresponding inputs.conf) and set it to a lower value from where you want to reindex your data.

Cheers!