Getting Data In
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why am I getting error "Cannot create index 'main': path of coldToFrozenDir must be absolute" trying to move/archive files on Windows?

hagjos43
Contributor
‎12-21-2015 12:36 PM

I'm working in a test lab trying to move/archive files using the following indexes.conf file on our cluster master:

[main]
repFactor = auto
homePath   = $SPLUNK_DB\defaultdb\db
coldPath   = $SPLUNK_DB\defaultdb\colddb
thawedPath = $SPLUNK_DB\defaultdb\thaweddb
maxWarmDBCount = 2
maxDataSize = auto_high_volume
frozenTimePeriodInSecs = 86400
coldToFrozenDir = "$SPLUNK_HOME\Archive\defaultdb"

I'm getting the following error when trying to distribute it:

Vader:Cannot create index 'main': path of coldToFrozenDir must be absolute ('"C:\Program Files\Splunk"')
Palpatine:Cannot create index 'main': path of coldToFrozenDir must be absolute ('"C:\Program Files\Splunk"')

Any ideas?

Thanks,
Joe

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

hagjos43
Contributor
‎12-22-2015 09:11 AM

I figured out my issue....a simple typo was causing the issue.

For reference this is what I had:

 [main]
 repFactor = auto
 homePath   = $SPLUNK_DB\defaultdb\db
 coldPath   = $SPLUNK_DB\defaultdb\colddb
 thawedPath = $SPLUNK_DB\defaultdb\thaweddb
 maxWarmDBCount = 2
 maxDataSize = auto_high_volume
 frozenTimePeriodInSecs = 86400
 coldToFrozenDir = "C:\Program Files\Splunk\Archive\defaultdb"

This is what I did to fix it (remove the quotes around the coldToFrozenDir path and add $SPLUNK_HOME):

[main]
repFactor = auto
homePath   = $SPLUNK_DB\defaultdb\db
coldPath   = $SPLUNK_DB\defaultdb\colddb
thawedPath = $SPLUNK_DB\defaultdb\thaweddb
maxWarmDBCount = 2
maxDataSize = auto_high_volume
frozenTimePeriodInSecs = 86400
coldToFrozenDir = $SPLUNK_HOME\Splunk\Archive\defaultdb

View solution in original post

Reply
Solved! Jump to solution

jerniganbrandon
Explorer
‎12-22-2015 09:13 AM

Go ahead and create the directory structure and see if that works. It is probably complaining that the directory doesn't exist, so it isn't able to write the index files.

0 Karma
Reply
Solved! Jump to solution
Solution

hagjos43
Contributor
‎12-22-2015 09:11 AM

I figured out my issue....a simple typo was causing the issue.

For reference this is what I had:

 [main]
 repFactor = auto
 homePath   = $SPLUNK_DB\defaultdb\db
 coldPath   = $SPLUNK_DB\defaultdb\colddb
 thawedPath = $SPLUNK_DB\defaultdb\thaweddb
 maxWarmDBCount = 2
 maxDataSize = auto_high_volume
 frozenTimePeriodInSecs = 86400
 coldToFrozenDir = "C:\Program Files\Splunk\Archive\defaultdb"

This is what I did to fix it (remove the quotes around the coldToFrozenDir path and add $SPLUNK_HOME):

[main]
repFactor = auto
homePath   = $SPLUNK_DB\defaultdb\db
coldPath   = $SPLUNK_DB\defaultdb\colddb
thawedPath = $SPLUNK_DB\defaultdb\thaweddb
maxWarmDBCount = 2
maxDataSize = auto_high_volume
frozenTimePeriodInSecs = 86400
coldToFrozenDir = $SPLUNK_HOME\Splunk\Archive\defaultdb
Reply
Solved! Jump to solution

jerniganbrandon
Explorer
‎12-22-2015 09:19 AM

Ah, that error message makes sense now with the double quoting. Good catch!

Reply
Solved! Jump to solution

hagjos43
Contributor
‎12-22-2015 09:23 AM

So it works, but my buckets did not move. They were simply deleted out of the following directory:

$SPLUNK_HOME\var\lib\splunk\defaultdb\colddb

Any suggestions?

0 Karma
Reply
Solved! Jump to solution

hagjos43
Contributor
‎12-22-2015 09:42 AM

Eh I think I found my second issue..... man I'm full of typos and out of coffee today.... SMH.

Looks like:

coldToFrozenDir = $SPLUNK_HOME\Splunk\Archive\defaultdb

Should really be: 

coldToFrozenDir = $SPLUNK_HOME\Archive\defaultdb
0 Karma
Reply
Solved! Jump to solution

jmallorquin
Builder
‎12-22-2015 04:07 AM

Hi,

You have to setup 

coldToFrozenDir = C:\Program Files\Splunk\Archive\defaultdb"

Hope help you

0 Karma
Reply
Solved! Jump to solution

hagjos43
Contributor
‎12-22-2015 09:02 AM

I modified my indexes.conf to reflect this and it did not work:

[main]
repFactor = auto
homePath   = $SPLUNK_DB\defaultdb\db
coldPath   = $SPLUNK_DB\defaultdb\colddb
thawedPath = $SPLUNK_DB\defaultdb\thaweddb
maxWarmDBCount = 2
maxDataSize = auto_high_volume
frozenTimePeriodInSecs = 86400
coldToFrozenDir = "C:\Program Files\Splunk\Archive\defaultdb"

Still getting:

Cannot create index 'main': path of coldToFrozenDir must be absolute ('"C:\Program Files\Splunk\Archive\defaultdb"')
0 Karma
Reply
Solved! Jump to solution

jmallorquin
Builder
‎12-22-2015 09:13 AM

No quotes

coldToFrozenDir = C:\Program Files\Splunk\Archive\defaultdb

hope help you

Reply
Solved! Jump to solution

jerniganbrandon
Explorer
‎12-21-2015 01:04 PM

Dumb question, but do you have defaultdb created in C:\Program Files\Splunk\Archive\?

Reply
Solved! Jump to solution

hagjos43
Contributor
‎12-22-2015 03:16 AM

I do not, should I?
First time doing this.

Thanks,
Joe

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL  The Splunk AI Assistant for SPL ...

Buttercup Games: Further Dashboarding Techniques (Part 5)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Customers Increasingly Choose Splunk for Observability

For the second year in a row, Splunk was recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for ...
li.common.scroll-to.top