I have to install Splunk on a new Linux machine.
I would like to know if it is possible to install Splunk on one file system and store the information recovered from databases, VMWare and others on another file system, different from the Splunk installation folder.
If you want to put all indexes on a different filesystem, you have to modify the $SPLUNK_DB variable that you can find in /opt/splunk/etc/splunk-launch.conf.
Otherwise, if you want to put only some indexes there, you have to move them to the new location, following some steps:
If you want to do this on a new index, you can also do it through the web GUI.
Either way, you can find a full description in:
In my splunk-launch.conf there are the following entries. Do I have to add a new entry?
    # Version 6.5.0

    # Modify the following line to suit the location of your Splunk install.
    # If unset, Splunk will use the parent of the directory containing the splunk
    # CLI executable.
    #
    # SPLUNK_HOME=C:\Program Files\Splunk

    # By default, Splunk stores its indexes under SPLUNK_HOME in the
    # var\lib\splunk subdirectory. This can be overridden
    # here:
    #
    # SPLUNK_DB=C:\wrangler-2.0\build-home\ivory\var\lib\splunk

    # Splunkd service name
    SPLUNK_SERVER_NAME=Splunkd

    # Splunkweb service name
    SPLUNK_WEB_NAME=splunkweb
Stop Splunk, move the data, change the indexes.conf file to point to the new location. If you're moving not just one index, but the entire $SPLUNK_DB directory, you can instead edit the splunk-launch.conf file and modify the SPLUNK_DB setting. Then start Splunk up again.
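
As an added example (not from any poster in this thread and not Splunk's own tooling), these shell functions carry out the stop / copy / edit / start sequence described above for the whole $SPLUNK_DB directory. The function names are hypothetical, and /data/splunk in the usage comment is an assumed mount point; the commented sample lines in splunk-launch.conf are left untouched and an active SPLUNK_DB entry is added or replaced.

```shell
#!/bin/sh
# Added example. Usage (as root or the Splunk user), with an assumed mount point:
#   relocate_splunk_db /opt/splunk /data/splunk

# Print the active (uncommented) SPLUNK_DB value, or nothing if unset.
get_splunk_db() {
    sed -n 's/^[[:space:]]*SPLUNK_DB[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# Set SPLUNK_DB in a splunk-launch.conf. Lines such as "# SPLUNK_DB=..." are
# comments and stay as they are; an active entry is replaced, else one is appended.
set_splunk_db() {
    conf=$1 new_db=$2
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    case $new_db in
        /*) ;;
        *) echo "SPLUNK_DB must be an absolute path" >&2; return 1 ;;
    esac
    cp -p "$conf" "$conf.bak" || return 1          # keep a rollback copy
    tmp=$(mktemp) || return 1
    NEW_DB=$new_db awk '
        /^[ \t]*SPLUNK_DB[ \t]*=/ { if (!done) print "SPLUNK_DB=" ENVIRON["NEW_DB"]; done = 1; next }
        { print }
        END { if (!done) print "SPLUNK_DB=" ENVIRON["NEW_DB"] }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"     # cat keeps the file owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Stop Splunk, copy the index data, repoint SPLUNK_DB, start Splunk again.
relocate_splunk_db() {
    home=$1 new_db=$2
    old_db=$(get_splunk_db "$home/etc/splunk-launch.conf")
    old_db=${old_db:-$home/var/lib/splunk}         # default location named in the conf
    mkdir -p "$new_db" || return 1
    "$home/bin/splunk" stop || return 1
    # Copy instead of move so the old data remains until the new location is
    # verified; -a preserves owner and mode so index data is not exposed more
    # widely. Give $new_db itself the same owner and mode as $old_db.
    cp -a "$old_db/." "$new_db/" || return 1
    set_splunk_db "$home/etc/splunk-launch.conf" "$new_db" || return 1
    "$home/bin/splunk" start
}
```

Once Splunk is running from the new location and searches return the old events, the original directory can be removed.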