Cold bucket on remote/flash drive for windows os

ips_mandar
Builder

Hi, I am using Splunk on Windows OS
and I want to store hot/warm buckets on local storage and cold buckets on flash shared storage.
So, to access this flash shared storage, do I require to install Splunk with a domain account?
Because it seems it cannot access a mapped network drive when I install Splunk with a local account.
Can you help with an example or documentation to refer to?
Thanks,

1 Solution

gcusello
SplunkTrust

Hi @ips_mandar,
No, you need to install Splunk only on Indexers.
If your flash shared storage is seen by Windows as a drive (e.g. D:), you can configure this path for cold buckets in your indexes.conf:

coldPath = D:\splunk_db\my_index_name\colddb

Obviously you know that, using a network resource, you could have slow response times.

Ciao
Giuseppe


ips_mandar
Builder

Thanks @gcusello.
I have mapped a shared drive with the name "B" which I am able to access in File Explorer. Then, while creating a new index, I enter the B drive path for coldPath, but it gives me the error "The system cannot find the path specified" and I am unable to save.
1. So I thought I need to install Splunk using a domain account so that it can access the mapped drive?
2. Also, regarding response time, if IOPS are high, does it still have a slow response time?
3. Is there any better way to store cold buckets on a separate drive instead of the local drive?


ips_mandar
Builder

@gcusello,
Any thoughts on the above query? It would be a great help for me.


gcusello
SplunkTrust

Hi @ips_mandar,
I don't think a domain account is needed, but surely you have to give the user used to run Splunk all the grants to access the B: drive.

About response time, high IOPS means that you have a quicker response time in your searches than with slow disks (e.g. NAS); instead, if you have data accessed by many searches on remote disks, you'll have higher response times.
For this reason, you should analyze what the time period of most searches in your Splunk is and increase the retention time of warm data (those stored on fast disks); in this way slow searches will be fewer and most response times will be fast because they use the fastest disks.

About the third question, usually older data is stored on less valuable storage even if it means that searches on this piece of data will be slower; your solution is one of them and should be OK; usually I saw NAS.

Only one additional hint: analyze more deeply the operating system of your Splunk servers. I never saw a large Splunk infrastructure based on Windows!

Ciao.
Giuseppe
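
The two answers above (the indexes.conf coldPath example and the note that the account running Splunk needs rights on the B: drive) can be checked before saving the index. The script below is an added example written for this thread, not code from Splunk or from the posters. It assumes the Splunk Enterprise service is named Splunkd and uses \\FILESERVER\splunk_cold as a placeholder for the real share; adjust both. It reports which account the indexer runs as, warns when coldPath points at a mapped drive letter (drive letters belong to the logon session that mapped them, so the service session generally cannot see them, which produces the "cannot find the path" error seen above), and lists what the folder's ACL grants to that account.

```powershell
# Added example, not from the thread: pre-flight check for a cold-bucket path on a
# Windows indexer. Assumptions: the Splunk Enterprise service is named 'Splunkd',
# and '\\FILESERVER\splunk_cold' is a placeholder for the real share.
param(
    [string]$ColdPath    = '\\FILESERVER\splunk_cold\my_index_name\colddb',
    [string]$ServiceName = 'Splunkd'
)

# 1. Identify the account the indexer runs as. A drive letter such as B: belongs to
#    the logon session that mapped it, so a service running under another account
#    (or the same account in its own service session) does not see that mapping.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found on this host." }
$account = $svc.StartName
if ($account -like '.\*')        { $account = "$env:COMPUTERNAME\" + $account.Substring(2) }
if ($account -eq 'LocalSystem')  { $account = 'NT AUTHORITY\SYSTEM' }
Write-Output "$ServiceName runs as: $account"

# 2. Flag a mapped drive letter and show the UNC root it resolves to; the UNC form
#    is the one that does not depend on a particular user's session.
if ($ColdPath -match '^(?<letter>[A-Za-z]):\\') {
    $drive = Get-PSDrive -Name $Matches.letter -PSProvider FileSystem -ErrorAction SilentlyContinue
    if ($drive -and $drive.DisplayRoot) {
        Write-Warning ("{0}: is a mapped drive to {1}; write coldPath with that UNC root instead." -f
            $Matches.letter, $drive.DisplayRoot)
    }
}

# 3. Confirm the directory exists (as seen by whoever runs this script) and list what
#    the ACL grants to the service account. Run it while logged on as that account to
#    exercise the share itself rather than only reading the ACL.
if (-not (Test-Path -LiteralPath $ColdPath -PathType Container)) {
    Write-Warning "Path not found: $ColdPath"
    return
}
$acl     = Get-Acl -LiteralPath $ColdPath
$entries = $acl.Access | Where-Object { $_.IdentityReference.Value -ieq $account }
if (-not $entries) {
    Write-Warning "No explicit ACE for $account on $ColdPath; grant it Modify (read/write/delete) on this folder only."
} else {
    $entries | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
}

# Resulting stanza for indexes.conf once the checks pass (hot/warm stay on local disk):
#   [my_index_name]
#   homePath   = $SPLUNK_DB\my_index_name\db
#   coldPath   = \\FILESERVER\splunk_cold\my_index_name\colddb
#   thawedPath = $SPLUNK_DB\my_index_name\thaweddb
```

Two caveats on the account question raised in the thread. A purely local service account can only authenticate to a remote SMB share if the file server recognises those credentials (for example an identically named account with the same password), while LocalSystem on a domain-joined host reaches the share as the computer account; that is usually why a domain service account ends up being used, not because Splunk itself requires one. Whichever account is chosen, keep it to least privilege: Modify on the cold-bucket folder and nothing wider, no local administrator rights on the file server, and no reuse of the account for other services. Whether a given Splunk version accepts a UNC coldPath on Windows is an assumption here to confirm against the indexes.conf documentation for your release.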


ips_mandar
Builder

Thank you.


gcusello
SplunkTrust

You're welcome.
Ciao and next time!
Giuseppe
