oplogSize default value control

stanwin · ‎01-23-2019

I am working with ES Splunk & want to increase the oplogSize from 1Gig to 2Gig..

From KVStore hammer .conf talk:

1GB even works fine for a while with
premium apps — until it doesn't

https://docs.splunk.com/Documentation/Splunk/7.2.3/Admin/Serverconf

the default Serverconf file does not seem to have oplogSize setting at all. So how is the 1Gig limit enforced?

oplogSize = <integer>
* The size of the replication operation log, in MB, for environments
  with search head clustering or search head pooling.
  In a standalone environment, 20% of this size is used.
* After the KV Store has created the oplog for the first time, changing this
  setting does NOT affect the size of the oplog. A full backup and restart
  of the KV Store is required.
* Do not change this setting without first consulting with Splunk Support.
* Default: 1000MB (1GB)

starcher · ‎06-25-2019

The default is active regardless. You should contact support on the correct steps on increasing opLog in a search head cluster. There is a very very specific order you have to do things to not wipe out your kvstore contents and it can be done without a backup and restore. I would recommend 10GB in an active ES environment.

oplogSize default value control

Splunkers, Pack Your Bags: Why Cisco Live EMEA is Your Next Big Destination

Data Management Digest – January 2026

Splunk SOAR Now Available on Google Cloud Platform

Join the Conversation

oplogSize default value control

Splunkers, Pack Your Bags: Why Cisco Live EMEA is Your Next Big Destination

Data Management Digest – January 2026

Splunk SOAR Now Available on Google Cloud Platform