Splunk Enterprise

Splunk Enterprise (Windows): How to move my indexes to new drive?

OsmanElyas
Explorer

I Have Splunk Enterprise (Windows) single entity and the indexes are in the 😧 drive and it is full and I have added new desk F: drive 

I want to move my indexes to the new drive do I need to specify any change related to the new drive

 

Labels (1)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

If your problem is resolved, then please click the "Accept as Solution" button to help future readers.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma

OsmanElyas
Explorer

@richgalloway  I am already started moving  %SPLUNK_DB% files from 😧 to  F:

What is the reference you referring too ( I am using windows server)

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Your indexes.conf files (there may be several of them)  should contain file paths that tell Splunk where to store data.  Those file paths will contain drive letters that will have to be changed to the new drive.

---
If this reply helps you, Karma would be appreciated.
0 Karma

richgalloway
SplunkTrust
SplunkTrust

I would shut down Splunk and move the %SPLUNK_DB% files from D to F.  While that is happening, change all references from D to F in indexes.conf.  Then restart Splunk.

---
If this reply helps you, Karma would be appreciated.
0 Karma

OsmanElyas
Explorer

It works but for some app there is time window for the events not as before but I consider it work fine.

@richgalloway  Thanks 

richgalloway
SplunkTrust
SplunkTrust

If your problem is resolved, then please click the "Accept as Solution" button to help future readers.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...