Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Migrated to new server, not displaying results for old index

jsb22
Path Finder
‎03-06-2012 05:43 AM

I have just gone through the process of migrating to a new server, I did the following:

  • Installed splunk on new server & did basic configurations (Authentication, etc)
  • Copied a custom app with custom dashboards
  • Stopped the old and new server
  • Copied the indexes from the old server to the new server
  • Copied the indexes.conf over to the new server
  • Started the new server
  • Ensured the indexes were enabled by default for the user role i'm using

When I check my custom dashboards, they are only showing results for items that have come in since I started the new server. All indexes are named the same, and it appears it's seeing it because it's showing new events, just not the old ones. Also, the servers are running the same versions.
Any ideas?

UPDATE:
The splunkd.log is reflecting the following:
-0400 ERROR DatabaseDirectoryManager - failed to open <>\db\db_1330693566_1330645912_92.sizeManifest4.1 for writing size (Access is denied.)

Permission issue? Anyone know the default permission set for an index folder on Server 2008 R2?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Mick
Splunk Employee
Splunk Employee
‎03-13-2012 05:11 PM

You need to ensure that the User running Splunk (by default the 'Local System User' on a Windows instance) has full access permissions to the $SPLUNK_DB location. When Splunk starts up, it will run through a validation check on existing index directories to verify that it has the correct permissions to create & modify files in those locations.

The user needs full permissions, read + write

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Mick
Splunk Employee
Splunk Employee
‎03-13-2012 05:11 PM

You need to ensure that the User running Splunk (by default the 'Local System User' on a Windows instance) has full access permissions to the $SPLUNK_DB location. When Splunk starts up, it will run through a validation check on existing index directories to verify that it has the correct permissions to create & modify files in those locations.

The user needs full permissions, read + write

0 Karma
Reply
Solved! Jump to solution

jsb22
Path Finder
‎03-14-2012 07:11 AM

Thank you, thats' what I needed. It appears when I copied the indexes over, the permissions only applied to the folders and not the subfolders and files. Once I applied to all, everything poped in and the errors were resolved.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...