Solved: Maximum disk usage quota has been reached - what a...

jwalzerpitt · ‎12-07-2020

I have users getting the "maximum disk usage quota has been reached" message and from other questions and answers I see I need to increase the srchDiskQuota setting in the authorize.conf file.

I have a SHC and when I look for the authorize.conf file I see it in /opt/splunk/etc/system/default/authorize.conf - if I modify the file in that directory and then push out to my SHs, do I need to worry about the /opt/splunk/etc/system/default/authorize.conf being overwritten when I update Splunk in the future?

richgalloway · ‎12-07-2020

Yes, you do have to worry about the file being overwritten when you update Splunk. That is why every .conf file says to NOT modify the /default copy. Always make your changes in a /local directory.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

jwalzerpitt · ‎12-07-2020

Thx Rich - I'll create a new file under the /local directory

richgalloway · ‎12-07-2020

Yes, you do have to worry about the file being overwritten when you update Splunk. That is why every .conf file says to NOT modify the /default copy. Always make your changes in a /local directory.

---
If this reply helps you, Karma would be appreciated.

Maximum disk usage quota has been reached - what authorize.conf file to modify

search head clustering

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform