Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

When does Splunk roll internal logs?

glitchcowboy
Path Finder
‎10-26-2012 06:03 AM

I need to limit the disk usage on splunk's internal logs. (/opt/splunkforwarder/var/log/splunk). I've set the $SPLUNK_HOME/etc/log.cfg on the forwarder for ALL entries like this:

xxxxx.XX.maxFileSize=10000000 # default: 25MB (specified in bytes).
xxxxx.XX.maxBackupIndex=2

But I still have 5 metrics.log files and they're all 25MB after a splunk restart.

Any idea when they rotate and/or how to force it?

Reply

gfuente
Motivator
‎12-03-2014 03:14 AM

Hello

With the new settings Splunk will mantain only 2 files per log type, but it won´t delete the existing ones. So you need to delete manually the existing *.3 *.4 and *.5 files, to recover the used space

Regards

Reply

Dark_Ichigo
Builder
‎03-04-2013 07:54 PM

This is a good question, can anyone please update us on this?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...