Getting Data In

Migrate indexes from a single windows drive to multiple drives


I took over to Enterprise environment awhile back that is installed on Windows server 2012r2.  We are currently running version 7.3. Indexers are setup as a multisite index cluster.  With four indexers in the primary site, and a fourth one at our site 2.

We have a requirement to move default Splunk indexes and custom event indexes to new drives installed on the index servers.  

We are attempting to utilize two new volume paths parameters in our index.conf.  One for hot/warm and 2nd one for cold.

New volumes index.conf is setup in one new app defined in the master node master/new volume app name/

Indexes are setup in another new app defined in the master node master/new index.config app name.

Bundle push was successful when looking at the peers slave-apps directory, but indexes are not populated on the new disk drives.

Splunk software was installed as local system, but later is was switch over to run as a different user.

New user has read/write to the new disk drives.

Documentation is little confusing, and it references a install on Linux more then windows

How do I get the default location of indexes to migrate to new windows disk? 

Labels (1)
0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...