I don't think there is a different partition for different folders...they should be on the same partition. The log.cfg is configured to log in INFO for the most part (I do not see any DEBUG level in there.) The files I mentioned in the /opt/splunk/var/log/splunk get upto 25 MB in size (which I see is the value defined in the log.cfg file: appender.metrics.maxFileSize=25000000).
There is also another property below that line in the log.cfg that says: appender.metrics.maxBackupIndex=5
I guess that is the one that is creating the multiple files with same name but increasing number in the extension?
So should I change the maxFileSize to a lower value or maybe set the maxBackUpIndex to a lower number?
... View more