Missing Events after SPLUNK_HOME move

New Member

Hello -

I moved the c:\program files\splunk folder to my D: drive for more space. Everything seems to work fine, except I'm missing events from my WinEventLog:Security SourceType. The last event is the moment I stopped the splunk service to move the database. I updated the c:\program files\splunk\etc\splunk-launch.conf to reflect the new location:

SPUNK_HOME=D:\splunk

Is there something I need to run to rebuild anything or repair permissions?

Thanks in advance -

Splunk Employee
  • Please check ps -ef | grep splunkd and make sure there is no dual process running.
  • Please check splunkd.log for any errors with permissions, or grep for the path, which should at least give you something.