Setting the homePath option in indexes.conf on Win...

maverick · ‎07-30-2010

On Windows, I want to set the homePath in my indexes.conf file for a new index I created, which is located on my E:\ drive.

The online Splunk guides have examples that use

homePath = $SPLUNK_HOME/blah/....

but there are no examples of how an actual path on Windows would be specified.

I have the following setting in my indexes.conf, which does not seem to work.

[myIndex]
homePath = e:\Splunk_Indexes\myIndex\

Assuming my format is incorrect, what is the path supposed to look like so that Splunk used my E:\ drive?

treinke · ‎07-30-2010

This is what I did. I have higher speed drives for the data coming in and then the cold data gets moved to a lower speed / high capacity drive.

Make a copy of c:\program files\splunk\etc\system\default\indexes.conf and place it in c:\program files\splunk\etc\system\local\

Change the $SPLUNK_DB of the index you want to move.

Example:

[myindex]
homePath   = E:\SplunkIndexes-warm\myindex\db
coldPath   = F:\SplunkIndexes-cold\myindex\colddb
thawedPath = F:\SplunkIndexes-thawed\myindex\thaweddb
maxMemMB = 20
maxConcurrentOptimizes = 6
maxHotIdleSecs = 86400
maxHotBuckets = 10
maxDataSize = auto_high_volume

Once you save the file, restart Splunk and it will move the effected indexes to the new folder/drives.

There are no answer without questions

Setting the homePath option in indexes.conf on Windows?

Developer Spotlight with Brett Adams

Index This | What can you do to make 55,555 equal 500?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...