Setting the homePath option in indexes.conf on Win...

maverick · ‎07-30-2010

On Windows, I want to set the homePath in my indexes.conf file for a new index I created, which is located on my E:\ drive.

The online Splunk guides have examples that use

homePath = $SPLUNK_HOME/blah/....

but there are no examples of how an actual path on Windows would be specified.

I have the following setting in my indexes.conf, which does not seem to work.

[myIndex]
homePath = e:\Splunk_Indexes\myIndex\

Assuming my format is incorrect, what is the path supposed to look like so that Splunk used my E:\ drive?

treinke · ‎07-30-2010

This is what I did. I have higher speed drives for the data coming in and then the cold data gets moved to a lower speed / high capacity drive.

Make a copy of c:\program files\splunk\etc\system\default\indexes.conf and place it in c:\program files\splunk\etc\system\local\

Change the $SPLUNK_DB of the index you want to move.

Example:

[myindex]
homePath   = E:\SplunkIndexes-warm\myindex\db
coldPath   = F:\SplunkIndexes-cold\myindex\colddb
thawedPath = F:\SplunkIndexes-thawed\myindex\thaweddb
maxMemMB = 20
maxConcurrentOptimizes = 6
maxHotIdleSecs = 86400
maxHotBuckets = 10
maxDataSize = auto_high_volume

Once you save the file, restart Splunk and it will move the effected indexes to the new folder/drives.

There are no answer without questions

Setting the homePath option in indexes.conf on Windows?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation