Solved: Getting additional disk space for a fast growing i...

arkadyz1 · ‎10-12-2015

We have a fast growing index which now has filled 94% of the available space. Our system administrators gave us a new device which we could mount at an additional mount point. How can we then redirect the index to utilize the new "partition"?

Since this is Linux, there is a possibility of stopping Splunk, copying the data over to the new device, then swapping mount points so that Splunk continues to work in the bigger space. I'm just wondering whether this is the optimal approach.

treinke · ‎10-13-2015

In your indexes.conf file, you can point where the path to the index is.

More information on the indexes.conf file at:
http://docs.splunk.com/Documentation/Splunk/latest/Admin/Indexesconf

Example:
homePath = $SPLUNK_DB/MyIndex/db
coldPath = $SPLUNK_DB/MyIndex/colddb
thawedPath = $SPLUNK_DB/MyIndex/thaweddb

There are no answer without questions

View solution in original post

treinke · ‎10-13-2015

In your indexes.conf file, you can point where the path to the index is.

More information on the indexes.conf file at:
http://docs.splunk.com/Documentation/Splunk/latest/Admin/Indexesconf

Example:
homePath = $SPLUNK_DB/MyIndex/db
coldPath = $SPLUNK_DB/MyIndex/colddb
thawedPath = $SPLUNK_DB/MyIndex/thaweddb

There are no answer without questions

Getting additional disk space for a fast growing index. What's next?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

Are you a member of the Splunk Community?

Getting additional disk space for a fast growing index. What's next?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine