When splunk releases newer version, I backup/archive the entire $SPLUNK_HOME path before I perform the upgrade. The size of that archive gets out of hand rather quickly if you don't change your $SPLUNK_DB path. With default settings, you will be zipping up all of your indexes every time you do this since indexes are located inside the $SPLUNK_HOME by default.
I pointed my $SPLUNK_DB to be outside of splunk installation. This has several benefits:
- my $SPLUNK_HOME zip files are 700MB (as opposed to several TB due to size of my indexes)
- you can store your indexes on separate mount point (HDD for OS, SSD for splunk indexes)
- you can have indexes at the root of the partition instead of buried many folders deep (on Windows, path length is limited)
Your path will not work for people that have changed the $SPLUNK_DB location.
Mine is more accurate
... View more