Solved: Re: What is "default.old.<date>" and can it be rem...

fatsug · ‎07-06-2022

Hello community

After a small "snafu" with new dashboards and version number, I noticed that after the rollout in our distributed environment there was, what seemed like, a local backup present:

/opt/splunk/etc/apps/<appname>/default.old.20220705-235555/

The date lines up with the rollout of dashboards receiving a "This dashboard view is deprecated and will be removed in future versions of Splunk software" error. Hence, I suspect these are connected in some way.

So the dashboards were "repaired" by just dropping the version number by "1", though the "backup files" are still there.

The only difference I notice are the install_source_checksum and the changes made to dashboards.

So, is it OK to just delete this "backup" folder? If so, is there a preferred way to do so or just remove it?

richgalloway · ‎07-06-2022

I believe it is safe to remove the "default.old" folders. There's no Splunk way to do it so just use rm -r.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎07-06-2022

I believe it is safe to remove the "default.old" folders. There's no Splunk way to do it so just use rm -r.

---
If this reply helps you, Karma would be appreciated.

fatsug · ‎07-06-2022

I've been watching the folder and it has not been accessed once, neither is there a single difference except for the later modification. Hence, removing it seemed safe enough and I have not observed any issues.

Thx

What is "default.old.<date>" and can it be removed

administration

other

using Splunk Enterprise

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Enterprise Security Content Update (ESCU) | New Releases