Is it possible to change dump folder on a windows ...

linspec9721 · ‎09-02-2022

Hello all,

how is possible to change default dump folder on Windows?

gcusello · ‎09-05-2022

as @Azeemering asked, what do you mean with "dump folder"?

Anyway, on Splunk you can modify the installation folder (called $SPLUNK_HOME) and the folder containing the indexes (called $SPLUNK_DB).

The folder containing temporary files ($SPLUNK_HOME/var/run) isn't changeable.

Ciao.

Giuseppe

linspec9721 · ‎09-07-2022

Hello @Azeemering @gcusello,

I mean the crash dump folder.

Is it possibile to change the /var/log/splunk folder path?

I am on 9.0.0.

Thank you

gcusello · ‎09-07-2022

Hi @linspec9721,

for my knowldege, the only changeable folders are the installation folder (called $SPLUNK_HOME) and the folder containing the indexes (called $SPLUNK_DB), not others.

Why do you want to change it?

in this way, crash logs are indexed by Splunk and you maintain them.

Ciao.

Giuseppe

linspec9721 · ‎09-07-2022

Hi,

sometimes it happens that crash dumps fill up the partion of $SPLUNK_HOME and we need to manually clean it.

Thank you.

gcusello · ‎09-07-2022

Hi @linspec9721,

this means that you have a very narrow filesystem, maybe it could be a good idea giving a little more space to your file system.

Anyway, I suppose that it isn't so frequent a crash of your system, so deleting crash log files isn't a so frequent job.

Ciao.

Giuseppe

Azeemering · ‎09-05-2022

What do you mean? I don't understand your question.

Please read this:
https://docs.splunk.com/Documentation/SplunkCloud/8.2.2203/SearchReference/Dump

Is it possible to change dump folder on a windows splunk ent. instance?

Developer Spotlight with Brett Adams

Index This | What can you do to make 55,555 equal 500?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...