Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

change location of Database containing seekAddress and seekCRC for monitored files

Superjo007
Loves-to-Learn
‎01-31-2024 04:34 AM

Hello Splunk community,

I would like to know if there is a way to change the database location of monitored file in slunk universal forwarder, similarly to what fluentbit allow with the DB property (https://docs.fluentbit.io/manual/pipeline/inputs/tail).

My splunk universal forwarder is running in a container and access a shared mount containing my applications log files and in case the the splunk uf container restart I would like to prevent the monitored files to be reindexed from the beginning.

Is there a config to choose the database location?

Cheers in advance

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-31-2024 05:53 AM

Splunk stores that information in the "fishbucket" at /opt/splunkforwarder/var/lib/splunk/fishbucket/splunk_private_db.  That database cannot be changed or moved, but you should be able to backup and restore it.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...