Splunk Enterprise Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

oplogSize default value control

stanwin
Contributor
‎01-23-2019 06:44 AM

I am working with ES Splunk & want to increase the oplogSize from 1Gig to 2Gig..

From KVStore hammer .conf talk:

1GB even works fine for a while with
premium apps — until it doesn't

https://docs.splunk.com/Documentation/Splunk/7.2.3/Admin/Serverconf

the default Serverconf file does not seem to have oplogSize setting at all. So how is the 1Gig limit enforced?

oplogSize = <integer>
* The size of the replication operation log, in MB, for environments
  with search head clustering or search head pooling.
  In a standalone environment, 20% of this size is used.
* After the KV Store has created the oplog for the first time, changing this
  setting does NOT affect the size of the oplog. A full backup and restart
  of the KV Store is required.
* Do not change this setting without first consulting with Splunk Support.
* Default: 1000MB (1GB)
0 Karma
Reply

starcher
Influencer
‎06-25-2019 09:08 AM

The default is active regardless. You should contact support on the correct steps on increasing opLog in a search head cluster. There is a very very specific order you have to do things to not wipe out your kvstore contents and it can be done without a backup and restore. I would recommend 10GB in an active ES environment.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...