Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Change var folder of Splunk to another partition

sigma
Path Finder
‎02-24-2024 10:15 AM

Hi,

I installed Splunk in a linux server on /opt/splunk. The server has two disks, one 50 GB (sdb1) and another 6 TB (sda1). I want to save /opt/splunk/var  folder (and all of its contents) of Splunk to /splunk/var (sda1) which second huge partition is mounted.

Actually I want to separate etc and var in case of partition. etc remain on sdb1 and var be in sda1.

I need a detailed solution
Thanks

Labels (2)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎02-24-2024 10:51 PM

Hi @sigma ,

as @richgalloway said, on Linux usually Splunk is installed on /opt and it's a best practice to ha file system separated from root and this location is configured in an enviromental variable called %SPLUNK_HOME.

For data it's possible to setup a variable (called $SPLUNK_DB) that indicates the location of the file system containing the data folders. not the $SPLUNK_HOME/var folder, that's a best practice to set up in a different and larger file system.

So you can go in $SPLUNK_HOME/etc/splunk-launch.conf and configure $SPLUNK_HOME variable for your system.

Obviously this action is only for Indexers or stand-alone Splunk systems, not for the other roles.

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎02-24-2024 10:51 PM

Hi @sigma ,

as @richgalloway said, on Linux usually Splunk is installed on /opt and it's a best practice to ha file system separated from root and this location is configured in an enviromental variable called %SPLUNK_HOME.

For data it's possible to setup a variable (called $SPLUNK_DB) that indicates the location of the file system containing the data folders. not the $SPLUNK_HOME/var folder, that's a best practice to set up in a different and larger file system.

So you can go in $SPLUNK_HOME/etc/splunk-launch.conf and configure $SPLUNK_HOME variable for your system.

Obviously this action is only for Indexers or stand-alone Splunk systems, not for the other roles.

Ciao.

Giuseppe

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎02-24-2024 11:09 AM

Splunk has provision for two mount points: $SPLUNK_HOME (/opt/splunk, by default) and $SPLUNK_DB (/opt/splunk/var/run/splunk by default).  Breaking the file system at other points is possible using links, but doing so is uncommon and not without risks.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...