Installation

Migrated to new server, not displaying results for old index

Path Finder

I have just gone through the process of migrating to a new server, I did the following:

  • Installed splunk on new server & did basic configurations (Authentication, etc)
  • Copied a custom app with custom dashboards
  • Stopped the old and new server
  • Copied the indexes from the old server to the new server
  • Copied the indexes.conf over to the new server
  • Started the new server
  • Ensured the indexes were enabled by default for the user role i'm using

When I check my custom dashboards, they are only showing results for items that have come in since I started the new server. All indexes are named the same, and it appears it's seeing it because it's showing new events, just not the old ones. Also, the servers are running the same versions.
Any ideas?

UPDATE:
The splunkd.log is reflecting the following:
-0400 ERROR DatabaseDirectoryManager - failed to open <>\db\db_1330693566_1330645912_92.sizeManifest4.1 for writing size (Access is denied.)

Permission issue? Anyone know the default permission set for an index folder on Server 2008 R2?

Tags (2)
0 Karma
1 Solution

Splunk Employee
Splunk Employee

You need to ensure that the User running Splunk (by default the 'Local System User' on a Windows instance) has full access permissions to the $SPLUNK_DB location. When Splunk starts up, it will run through a validation check on existing index directories to verify that it has the correct permissions to create & modify files in those locations.

The user needs full permissions, read + write

View solution in original post

0 Karma

Splunk Employee
Splunk Employee

You need to ensure that the User running Splunk (by default the 'Local System User' on a Windows instance) has full access permissions to the $SPLUNK_DB location. When Splunk starts up, it will run through a validation check on existing index directories to verify that it has the correct permissions to create & modify files in those locations.

The user needs full permissions, read + write

View solution in original post

0 Karma

Path Finder

Thank you, thats' what I needed. It appears when I copied the indexes over, the permissions only applied to the folders and not the subfolders and files. Once I applied to all, everything poped in and the errors were resolved.

0 Karma