Solved: Re: I Have Splunk Enterprise (Windows) I want to m...

OsmanElyas · ‎08-18-2023

I Have Splunk Enterprise (Windows) single entity and the indexes are in the 😧 drive and it is full and I have added new desk F: drive

I want to move my indexes to the new drive do I need to specify any change related to the new drive

richgalloway · ‎08-22-2023

If your problem is resolved, then please click the "Accept as Solution" button to help future readers.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

OsmanElyas · ‎08-18-2023

@richgalloway I am already started moving %SPLUNK_DB% files from 😧 to F:

What is the reference you referring too ( I am using windows server)

richgalloway · ‎08-18-2023

Your indexes.conf files (there may be several of them) should contain file paths that tell Splunk where to store data. Those file paths will contain drive letters that will have to be changed to the new drive.

---
If this reply helps you, Karma would be appreciated.

richgalloway · ‎08-18-2023

I would shut down Splunk and move the %SPLUNK_DB% files from D to F. While that is happening, change all references from D to F in indexes.conf. Then restart Splunk.

---
If this reply helps you, Karma would be appreciated.

OsmanElyas · ‎08-22-2023

It works but for some app there is time window for the events not as before but I consider it work fine.

@richgalloway Thanks

richgalloway · ‎08-22-2023

If your problem is resolved, then please click the "Accept as Solution" button to help future readers.

---
If this reply helps you, Karma would be appreciated.

Splunk Enterprise (Windows): How to move my indexes to new drive?

configuration

Preparing your Splunk Environment for OpenSSL3

Unleash Unified Security and Observability with Splunk Cloud Platform

Splunk AppDynamics with Cisco Secure Application