Getting Data In

Problem as per screen shot - 500MB min disk space reached

Tonyrakus
Explorer

Hi Guys

I have Splunk enterprise installed. I have pulled across some directory's with files inside ( from Kali ).

The issue is I cannot bring up the files in the search and reporting app..

I believe it is because of the Messages in the screen shot below.. which I have no idea how to fix.. even after reading some forums..

I am non IT person.. and new to Splunk.

Any help would be great .

Tonyrakus_0-1597970896138.png

 

0 Karma

Tonyrakus
Explorer

This is another screen shot of the index path the data writes to.. I need to somehow get more space..

 

Tonyrakus_0-1597976706059.png

 

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

as you already noticed, you are running out of disc space. You must get additional volume for splunk indexes. Then you have two options: increase /opt/splunk or create own fs/volume group + splunk volume where you move your indexes. There are many examples how this should do on answers. 
r. Ismo

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...