Solved: Getting additional disk space for a fast growing i...

arkadyz1 · ‎10-12-2015

We have a fast growing index which now has filled 94% of the available space. Our system administrators gave us a new device which we could mount at an additional mount point. How can we then redirect the index to utilize the new "partition"?

Since this is Linux, there is a possibility of stopping Splunk, copying the data over to the new device, then swapping mount points so that Splunk continues to work in the bigger space. I'm just wondering whether this is the optimal approach.

treinke · ‎10-13-2015

In your indexes.conf file, you can point where the path to the index is.

More information on the indexes.conf file at:
http://docs.splunk.com/Documentation/Splunk/latest/Admin/Indexesconf

Example:
homePath = $SPLUNK_DB/MyIndex/db
coldPath = $SPLUNK_DB/MyIndex/colddb
thawedPath = $SPLUNK_DB/MyIndex/thaweddb

There are no answer without questions

View solution in original post

treinke · ‎10-13-2015

In your indexes.conf file, you can point where the path to the index is.

More information on the indexes.conf file at:
http://docs.splunk.com/Documentation/Splunk/latest/Admin/Indexesconf

Example:
homePath = $SPLUNK_DB/MyIndex/db
coldPath = $SPLUNK_DB/MyIndex/colddb
thawedPath = $SPLUNK_DB/MyIndex/thaweddb

There are no answer without questions

Getting additional disk space for a fast growing index. What's next?

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Are you a member of the Splunk Community?

Getting additional disk space for a fast growing index. What's next?

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!