Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

/logs/audit/db/ -- delete files from this folder

stevewong1290
New Member
‎12-07-2012 08:36 PM

Received some error that indexing is paused since /logs/audit/db/ was full of logs. Deleted some of the folders from /logs/audit/db/ to clear some space and now Splunkd does not start. Please assist in getting this working again. Thanks in advance.

Tags (1)
0 Karma
Reply

lguinn2
Legend
‎12-08-2012 11:15 AM

Check to see if the disk that Splunk uses for indexing is out of space. This will cause Splunk to stop indexing.
As the Splunk admin, look under Manager -> System Settings -> General Settings for the following values

Path to indexes - this is where the Splunk indexes are stored. From this, you should be able to tell which volume/disk is being used.

Pause indexing if free disk space falls below - this setting defines the minimum free disk space. If the free space on the disk/volume falls below this, Splunk will pause indexing.

More information on these settings here (Scroll to the last part of the page.)

I believe this is probably what has happened here. But I could be wrong. How many files were in the /log/audit/db directory? What was the exact error message? (You can find it in $SPLUNK_HOME/var/log/splunk/splunkd.log)

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...