Solved: How to properly disable an index to avoid any pote...

ram254481493 · ‎06-02-2019

Hi , currently i have an index which receives data from more then 100 hosts. I have been told to disable the index , as we are in cluster i edit the indexes.conf file and added disabled=true , is it going to disable the index ? Also do i need to disable the monitoring path currently forwarded to this index ? I am confuse can any one please explain the proper steps that needs to follow to disable an index to avoid any potential impact ?

skalliger · ‎06-02-2019

Hi,

I would start by disabling the corresponding inputs.conf specification first. When you're sure no new data is coming in, you can, as you said, simply add disabled = true to the indexes.conf index' stanza.

Skalli

View solution in original post

skalliger · ‎06-02-2019

Hi,

I would start by disabling the corresponding inputs.conf specification first. When you're sure no new data is coming in, you can, as you said, simply add disabled = true to the indexes.conf index' stanza.

Skalli

ram254481493 · ‎06-03-2019

Thanks it works.

skalliger · ‎06-03-2019

Glad it worked, thanks for the feedback!

How to properly disable an index to avoid any potential impact?

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!