Splunk Enterprise Security

Any idea how I can troubleshoot this indexes.conf config?



I have this indexes.conf and added a frozen archive. The path is fully readable and writable by the Splunk user account. But when I add this config stanza the indexer fails to start. Just starting with this so I am curious what area some areas I should check.

alt text

0 Karma

  • Are you starting Splunk from the shell?
  • Are there any errors presented there?
  • If so, what are you seeing?

Take a look at:

There are several other log files in that directory that may be worth looking at including crash dumps.

0 Karma

Ultra Champion

What does splunkd.log say?

0 Karma