Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Vmware Indexers | How do I increase the size of the drive where my logs are indexed?

GaetanVP
Contributor
‎03-29-2022 02:40 AM

Hello Splunk commu!

I am using Indexers as Virtual Machine in VMWare, and I would like to increase the size of the drive where my logs are indexed. 

I am using lvm and I would like to know if there are some best practices to follow before extending the drive size on VMware side. Do I need to stop Splunk on the indexers before increasing the drive size ? What are the potential risks during this operation ? 

Thanks a lot for your help! 

Labels (1)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎03-29-2022 02:50 AM

I'd say that theoretically, any operation on a live system involves some risk. So proper change management should account for that and should have some recovery plan in case something does fail.

Having said that - it shouldn't be that different of any other disk resize operation. Extending the disks may involve some increased I/O usage due to disk zeroing which may lead to lowered indexer performance.

Apart from that - it depends what is your disk layout - whether you have separate disk for splunk data, or just use one big device for OS and data, whether you use LVM and so on.

In general - you should be able to relatively painlessly extend the disk and the filesystem residing on it unless OS prohibits it, because - for example - you need to adjust partition sizes and the OS won't let youl So it's more of a question to your sysadmins than to splunk admin.

Edit: OK, you wrote that you're using LVM. You should be able to add some additional space to the volume pretty easily then. I don't see any big risks. Just the usual, as with any change - anything can go wrong 🙂

Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...