I have users getting the "maximum disk usage quota has been reached" message and from other questions and answers I see I need to increase the srchDiskQuota setting in the authorize.conf file.
I have a SHC and when I look for the authorize.conf file I see it in /opt/splunk/etc/system/default/authorize.conf - if I modify the file in that directory and then push out to my SHs, do I need to worry about the /opt/splunk/etc/system/default/authorize.conf being overwritten when I update Splunk in the future?


Yes, you do have to worry about the file being overwritten when you update Splunk. That is why every .conf file says to NOT modify the /default copy. Always make your changes in a /local directory.
If this reply helps you, Karma would be appreciated.

Thx Rich - I'll create a new file under the /local directory
