I have installed Splunk having very limited space. I am able to manage other logs my modifying /etc/log.cfg file.
However, do not find any parameter to rotate/control splunkd_stderr.log & splunkd-utility.log.
Do we have any separate parameter/file to manage these Splunk logs?
For this specific index you can allocate (a lot) less than the 1/2 terabyte assigned, by default, for each index.
To begin with, you can run the following to know how much each index consumes -
| rest /services/data/indexes | eval perc=(currentDBSizeMB * 100 / maxTotalDataSizeMB ) | table title currentDBSizeMB maxTotalDataSizeMB perc
As you mentioned most logs can be controlled from /etc/log.cfg, however there are some logs such as splunkd_stderr.log that are effectively "hard coded" and cannot be changed. However, it was suggested that you could use a symbolic link to move the files to your preferred location.
Looks like we can manage splunkd-utility.log by changing parameter in log-utility.cfg.
Any how its 5 MB and will limit to 1 rotation than 5.
appender.A1.maxFileSize=5000000 # default: 5MB (specified in bytes).