Vmware Indexers | How do I increase the size of th...

GaetanVP · ‎03-29-2022

Hello Splunk commu!

I am using Indexers as Virtual Machine in VMWare, and I would like to increase the size of the drive where my logs are indexed.

I am using lvm and I would like to know if there are some best practices to follow before extending the drive size on VMware side. Do I need to stop Splunk on the indexers before increasing the drive size ? What are the potential risks during this operation ?

Thanks a lot for your help!

PickleRick · ‎03-29-2022

I'd say that theoretically, any operation on a live system involves some risk. So proper change management should account for that and should have some recovery plan in case something does fail.

Having said that - it shouldn't be that different of any other disk resize operation. Extending the disks may involve some increased I/O usage due to disk zeroing which may lead to lowered indexer performance.

Apart from that - it depends what is your disk layout - whether you have separate disk for splunk data, or just use one big device for OS and data, whether you use LVM and so on.

In general - you should be able to relatively painlessly extend the disk and the filesystem residing on it unless OS prohibits it, because - for example - you need to adjust partition sizes and the OS won't let youl So it's more of a question to your sysadmins than to splunk admin.

Edit: OK, you wrote that you're using LVM. You should be able to add some additional space to the volume pretty easily then. I don't see any big risks. Just the usual, as with any change - anything can go wrong 🙂

Vmware Indexers | How do I increase the size of the drive where my logs are indexed?

indexer

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!