Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Why am I getting error "Cannot create index 'main': path of coldToFrozenDir must be absolute" trying to move/archive files on Windows?

hagjos43
Contributor
‎12-21-2015 12:36 PM

I'm working in a test lab trying to move/archive files using the following indexes.conf file on our cluster master:

[main]
repFactor = auto
homePath   = $SPLUNK_DB\defaultdb\db
coldPath   = $SPLUNK_DB\defaultdb\colddb
thawedPath = $SPLUNK_DB\defaultdb\thaweddb
maxWarmDBCount = 2
maxDataSize = auto_high_volume
frozenTimePeriodInSecs = 86400
coldToFrozenDir = "$SPLUNK_HOME\Archive\defaultdb"

I'm getting the following error when trying to distribute it:

Vader:Cannot create index 'main': path of coldToFrozenDir must be absolute ('"C:\Program Files\Splunk"')
Palpatine:Cannot create index 'main': path of coldToFrozenDir must be absolute ('"C:\Program Files\Splunk"')

Any ideas?

Thanks,
Joe

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

hagjos43
Contributor
‎12-22-2015 09:11 AM

I figured out my issue....a simple typo was causing the issue.

For reference this is what I had:

 [main]
 repFactor = auto
 homePath   = $SPLUNK_DB\defaultdb\db
 coldPath   = $SPLUNK_DB\defaultdb\colddb
 thawedPath = $SPLUNK_DB\defaultdb\thaweddb
 maxWarmDBCount = 2
 maxDataSize = auto_high_volume
 frozenTimePeriodInSecs = 86400
 coldToFrozenDir = "C:\Program Files\Splunk\Archive\defaultdb"

This is what I did to fix it (remove the quotes around the coldToFrozenDir path and add $SPLUNK_HOME):

[main]
repFactor = auto
homePath   = $SPLUNK_DB\defaultdb\db
coldPath   = $SPLUNK_DB\defaultdb\colddb
thawedPath = $SPLUNK_DB\defaultdb\thaweddb
maxWarmDBCount = 2
maxDataSize = auto_high_volume
frozenTimePeriodInSecs = 86400
coldToFrozenDir = $SPLUNK_HOME\Splunk\Archive\defaultdb

View solution in original post

Reply
Solved! Jump to solution

jerniganbrandon
Explorer
‎12-22-2015 09:13 AM

Go ahead and create the directory structure and see if that works. It is probably complaining that the directory doesn't exist, so it isn't able to write the index files.

0 Karma
Reply
Solved! Jump to solution
Solution

hagjos43
Contributor
‎12-22-2015 09:11 AM

I figured out my issue....a simple typo was causing the issue.

For reference this is what I had:

 [main]
 repFactor = auto
 homePath   = $SPLUNK_DB\defaultdb\db
 coldPath   = $SPLUNK_DB\defaultdb\colddb
 thawedPath = $SPLUNK_DB\defaultdb\thaweddb
 maxWarmDBCount = 2
 maxDataSize = auto_high_volume
 frozenTimePeriodInSecs = 86400
 coldToFrozenDir = "C:\Program Files\Splunk\Archive\defaultdb"

This is what I did to fix it (remove the quotes around the coldToFrozenDir path and add $SPLUNK_HOME):

[main]
repFactor = auto
homePath   = $SPLUNK_DB\defaultdb\db
coldPath   = $SPLUNK_DB\defaultdb\colddb
thawedPath = $SPLUNK_DB\defaultdb\thaweddb
maxWarmDBCount = 2
maxDataSize = auto_high_volume
frozenTimePeriodInSecs = 86400
coldToFrozenDir = $SPLUNK_HOME\Splunk\Archive\defaultdb
Reply
Solved! Jump to solution

jerniganbrandon
Explorer
‎12-22-2015 09:19 AM

Ah, that error message makes sense now with the double quoting. Good catch!

Reply
Solved! Jump to solution

hagjos43
Contributor
‎12-22-2015 09:23 AM

So it works, but my buckets did not move. They were simply deleted out of the following directory:

$SPLUNK_HOME\var\lib\splunk\defaultdb\colddb

Any suggestions?

0 Karma
Reply
Solved! Jump to solution

hagjos43
Contributor
‎12-22-2015 09:42 AM

Eh I think I found my second issue..... man I'm full of typos and out of coffee today.... SMH.

Looks like:

coldToFrozenDir = $SPLUNK_HOME\Splunk\Archive\defaultdb

Should really be: 

coldToFrozenDir = $SPLUNK_HOME\Archive\defaultdb
0 Karma
Reply
Solved! Jump to solution

jmallorquin
Builder
‎12-22-2015 04:07 AM

Hi,

You have to setup 

coldToFrozenDir = C:\Program Files\Splunk\Archive\defaultdb"

Hope help you

0 Karma
Reply
Solved! Jump to solution

hagjos43
Contributor
‎12-22-2015 09:02 AM

I modified my indexes.conf to reflect this and it did not work:

[main]
repFactor = auto
homePath   = $SPLUNK_DB\defaultdb\db
coldPath   = $SPLUNK_DB\defaultdb\colddb
thawedPath = $SPLUNK_DB\defaultdb\thaweddb
maxWarmDBCount = 2
maxDataSize = auto_high_volume
frozenTimePeriodInSecs = 86400
coldToFrozenDir = "C:\Program Files\Splunk\Archive\defaultdb"

Still getting:

Cannot create index 'main': path of coldToFrozenDir must be absolute ('"C:\Program Files\Splunk\Archive\defaultdb"')
0 Karma
Reply
Solved! Jump to solution

jmallorquin
Builder
‎12-22-2015 09:13 AM

No quotes

coldToFrozenDir = C:\Program Files\Splunk\Archive\defaultdb

hope help you

Reply
Solved! Jump to solution

jerniganbrandon
Explorer
‎12-21-2015 01:04 PM

Dumb question, but do you have defaultdb created in C:\Program Files\Splunk\Archive\?

Reply
Solved! Jump to solution

hagjos43
Contributor
‎12-22-2015 03:16 AM

I do not, should I?
First time doing this.

Thanks,
Joe

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...