Getting Data In

How to change modinputs checkpoints location

MIJ75
Explorer

Hi,

We are looking to change the location of the modinputs checkpoints.
By default, the checkpoints are in $SPLUNK_HOME/var/lib/splunk/modinputs/
I did not find any parameter to change this.
Do you know if/how we can do this?

FYI, the need comes from our Citrix servers: they start on a golden image, but have their eventlogs in a persistent location (D drive). So each time the server reboots, we lose the checkpoints and all the events in the eventlogs are forwarded, so we have duplicate events in Splunk. We'd like to define the location of the checkpoints to the persistent location.

If not possible we'll have to use the current_only parameter in the input, but we'll lose some startup events and we'd like to avoid this.

Thanks
Michael

jconger
Splunk Employee

I haven't tested this, but a symbolic link may work. Link either the entire modinputs folder, or individual subfolders to a folder on your D: drive. This would require a change on your PVS or MCS golden image though.

MIJ75
Explorer

Yes, we thought about this option. Not tested yet. I'll check with the Citrix admin.
But I would check if we can change this default path with a config file or something before doing this.

Thanks for your input.

0 Karma

MIJ75
Explorer

Just to let you know. We have tested the symbolic links and all is working as expected.
Thanks

0 Karma
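
The symbolic-link approach discussed in this thread, as an added PowerShell example (not code from any poster or from Splunk). The install path, the `SplunkForwarder` service name and the `D:\SplunkState\modinputs` target are assumptions; run it elevated, before the forwarder starts reading inputs.

```powershell
# Added example. Assumed values, not from the thread: adjust to your environment.
$SplunkHome  = 'C:\Program Files\SplunkUniversalForwarder'  # assumed install path
$Persistent  = 'D:\SplunkState\modinputs'                   # hypothetical persistent target
$ServiceName = 'SplunkForwarder'                            # assumed forwarder service name
$Default     = Join-Path $SplunkHome 'var\lib\splunk\modinputs'
$ErrorActionPreference = 'Stop'

# Checkpoints must not be written while the directory is being swapped.
$wasRunning = (Get-Service -Name $ServiceName).Status -eq 'Running'
if ($wasRunning) { Stop-Service -Name $ServiceName }

try {
    # The persistent disk may be empty on first boot: create the target if missing.
    New-Item -ItemType Directory -Path $Persistent -Force | Out-Null

    $item = Get-Item -LiteralPath $Default -Force -ErrorAction SilentlyContinue
    if ($item -and $item.LinkType) {
        # Already redirected (link baked into the golden image): just verify the target.
        if (@($item.Target) -notcontains $Persistent) {
            Write-Warning "modinputs links to '$($item.Target)', expected '$Persistent'"
        }
    }
    else {
        if ($item) {
            # Real directory from the image. Seed the persistent copy only when it is
            # empty, so stale image checkpoints never overwrite newer persistent ones.
            if (-not (Get-ChildItem -LiteralPath $Persistent -Force)) {
                Copy-Item -Path (Join-Path $Default '*') -Destination $Persistent -Recurse -Force
            }
            # Set the original aside instead of deleting it.
            $backup = 'modinputs.bak-{0:yyyyMMddHHmmss}' -f (Get-Date)
            Rename-Item -LiteralPath $Default -NewName $backup
        }
        # Creating a symbolic link requires an elevated session.
        New-Item -ItemType SymbolicLink -Path $Default -Target $Persistent | Out-Null
    }
}
finally {
    # Restore the service state even if the swap failed.
    if ($wasRunning) { Start-Service -Name $ServiceName }
}
```

Restrict the ACL on the target directory to administrators and the account the forwarder runs as, since whoever can write the checkpoints controls where the input resumes reading.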