Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Not able to start Splunk on Windows when coldpath is set to a CIFS share

zliu
Splunk Employee
Splunk Employee
‎09-13-2011 02:32 PM

We have configured Splunk 4.2.2 running on Windows Server 2008 R2 with a coldPath pointing to a volume ("cold") hosted on a CIFS network drive.

Contents of indexes.conf :
#Volume Definition

[volume:cold]
path = \\sjc-vault\SplunkArchive\splunk01
maxVolumeDataSizeMB = 1000000

################################################################################
# index definitions
################################################################################

[main]
coldPath = volume:cold\defaultdb\colddb
[history]
coldPath = volume:cold\historydb\colddb
[summary]
coldPath = volume:cold\summarydb\colddb
[_internal]
coldPath = volume:cold\_internaldb\colddb
[_audit]
coldPath = volume:cold\audit\colddb
[_thefishbucket]
coldPath = volume:cold\fishbucket\colddb
[_blocksignature]
coldPath = volume:cold\blockSignature\colddb

However, we get errors on startup for every index with a cold path set to the remote network drive:

In handler 'indexes': Unable to load index configuration: In index '_internal': Failed to create directory '\\sjc-vault\SplunkArchive\splunk02\_internaldb\colddb' (Cannot create a file when that file already exists.

We are using a domain account to run splunkd. This account has full rights to the shares and folders, therefore this should not be a permission issue.

Any advice is appreciated!

Reply
1 Solution
Solved! Jump to solution
Solution

ekost
Splunk Employee
Splunk Employee
‎06-15-2012 12:58 PM

CIFS is not a currently supported file system for Splunk indexing. Please check here for updates as new version of Splunk are made available: System Requirements:Supported File Systems

View solution in original post

Reply
Solved! Jump to solution
Solution

ekost
Splunk Employee
Splunk Employee
‎06-15-2012 12:58 PM

CIFS is not a currently supported file system for Splunk indexing. Please check here for updates as new version of Splunk are made available: System Requirements:Supported File Systems

Reply
Solved! Jump to solution

LCM
Contributor
‎09-14-2011 04:31 AM

Curious about the msg itself: Does '\sjc-vault\SplunkArchive\splunk02_internaldb\colddb' already exist? (if yes, can you delete that and start splunk up again)

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...