Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Not able to start Splunk on Windows when coldpath is set to a CIFS share

zliu
Splunk Employee
Splunk Employee
‎09-13-2011 02:32 PM

We have configured Splunk 4.2.2 running on Windows Server 2008 R2 with a coldPath pointing to a volume ("cold") hosted on a CIFS network drive.

Contents of indexes.conf :
#Volume Definition

[volume:cold]
path = \\sjc-vault\SplunkArchive\splunk01
maxVolumeDataSizeMB = 1000000

################################################################################
# index definitions
################################################################################

[main]
coldPath = volume:cold\defaultdb\colddb
[history]
coldPath = volume:cold\historydb\colddb
[summary]
coldPath = volume:cold\summarydb\colddb
[_internal]
coldPath = volume:cold\_internaldb\colddb
[_audit]
coldPath = volume:cold\audit\colddb
[_thefishbucket]
coldPath = volume:cold\fishbucket\colddb
[_blocksignature]
coldPath = volume:cold\blockSignature\colddb

However, we get errors on startup for every index with a cold path set to the remote network drive:

In handler 'indexes': Unable to load index configuration: In index '_internal': Failed to create directory '\\sjc-vault\SplunkArchive\splunk02\_internaldb\colddb' (Cannot create a file when that file already exists.

We are using a domain account to run splunkd. This account has full rights to the shares and folders, therefore this should not be a permission issue.

Any advice is appreciated!

Reply
1 Solution
Solved! Jump to solution
Solution

ekost
Splunk Employee
Splunk Employee
‎06-15-2012 12:58 PM

CIFS is not a currently supported file system for Splunk indexing. Please check here for updates as new version of Splunk are made available: System Requirements:Supported File Systems

View solution in original post

Reply
Solved! Jump to solution
Solution

ekost
Splunk Employee
Splunk Employee
‎06-15-2012 12:58 PM

CIFS is not a currently supported file system for Splunk indexing. Please check here for updates as new version of Splunk are made available: System Requirements:Supported File Systems

Reply
Solved! Jump to solution

LCM
Contributor
‎09-14-2011 04:31 AM

Curious about the msg itself: Does '\sjc-vault\SplunkArchive\splunk02_internaldb\colddb' already exist? (if yes, can you delete that and start splunk up again)

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...