Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Unable to move index database to another drive in Windows Server 2019

rahulkumarfgf
Explorer
‎01-23-2020 07:02 AM

Hey Guys! I am very new to Splunk Enterprise and it's still in testing phase. I am trying to use this documentation https://docs.splunk.com/Documentation/Splunk/8.0.1/Indexer/MoveAnIndex to move my database to another drive. However, when trying "D:> cacls D:\new\path\for\index /T /E /G :F" command in Windows Server 2019 cmd, I get an error saying "The system cannot find the file specified". I am not sure why does it say that. I have created the new folder in D:\ drive and using the correct path. Any help would be much appreciated.

Thank You!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jhornsby_splunk
Splunk Employee
Splunk Employee
‎01-23-2020 12:07 PM

Hi @rahulkumarfgf,

Unfortunately I don't have a VM around to test, but I'm guessing that Microsoft finally removed cacls.exe from Windows Server as of 2019. Therefore you'll need to use the icacls.exe command instead. E.g.:
icacls D:\new\path\for\index /t /c /grant "<the user Splunk Enterprise runs as>:(OI)(CI)(F)"

Cheers,

- Jo.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

jhornsby_splunk
Splunk Employee
Splunk Employee
‎01-23-2020 12:07 PM

Hi @rahulkumarfgf,

Unfortunately I don't have a VM around to test, but I'm guessing that Microsoft finally removed cacls.exe from Windows Server as of 2019. Therefore you'll need to use the icacls.exe command instead. E.g.:
icacls D:\new\path\for\index /t /c /grant "<the user Splunk Enterprise runs as>:(OI)(CI)(F)"

Cheers,

- Jo.

0 Karma
Reply
Solved! Jump to solution

rahulkumarfgf
Explorer
‎01-23-2020 02:02 PM

Thanks! I did try "icacls" but got the same error. I gave permission to the user from "Properties" Section and as of now, I was able to copy the index database. I created a new index and that shows up in the new drive as well. Hopefully, it works. Will update if anything changes.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...