Installation
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to move .dat files after moving indexes to another volume?

dipereira
New Member
‎06-30-2017 12:27 PM

Hello,

I have moved our $SPLUNK_DB folder to a SSD disk to improve performance.

But I realized that .dat files are still writing in my old $SPLUNK_DB folder ($SPLUNK_HOME/var/lib/splunk) and the index folder has been updated correctly in my new SSD volume.

What files could I delete in my old folder and how I set a configuration to splunk starts writing .dat files in the new $SPLUNK_DB folder?

Obs: I have followed Splunk documentation "How to move splunk index".

0 Karma
Reply

dipereira
New Member
‎07-05-2017 10:14 AM

Anyone could help me understand why .dat files has been populated in /opt/splunk/var/lib/splunk instead of the new storage set in splunk-launch.conf at SPLUNK_DB attribute?

0 Karma
Reply

kmjefferson42
Explorer
‎06-21-2018 12:04 PM

I am curious to know also! I have moved my SPLUNK_DB to a separate drive but the .dat files are still being created/updated to the default location.

0 Karma
Reply

sbbadri
Motivator
‎06-30-2017 01:03 PM

Did you change the $SPLUNK_DB folder old path to new path under indexes.conf. This will avoid splunk under default location.

Please go through below link for further clarification,

https://answers.splunk.com/answers/149248/how-to-move-index-from-one-hard-drive-to-another-in-splunk...

0 Karma
Reply

dipereira
New Member
‎06-30-2017 01:27 PM

Hi, thanks for the fast reply! =]

I did this:

Stopped Splunk

moved the old $SPLUNK_DB($SPLUNK_HOME/var/lib/splunk) to the new one /splunkdb: cp -rp $SPLUNK_DB/* /splunkdb

Created $SPLUNK_DB variable: export SPLUNK_DB=/splunkdb

Changed the SPLUNK_DB=/splunkdb in splunk-launch.conf.

Started Splunk

After that I saw .dat been populated in old folder.

I didn't change any configuration in indexes.conf, do I need to do something there?

0 Karma
Reply

rteja9
Path Finder
‎05-06-2020 03:26 PM

Hi dipereira, I am having the same issue. I still see dat files getting generated at default locaton even after I moved DPLUNk_DB path. Did you find any solution?

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...