Topics

Toolbox

Splunk > The IT Search Company

  • Search and navigate IT data from applications, servers and network devices in real-time.
  • Download Splunk

Localized Splunk documentation

Looking for Splunk documentation in other languages?

Documentation | Discussion | View source | History

Advanced Data Management

This documentation does not apply to the most recent version of Splunk.

This documentation applies to the following versions of Splunk: 3.1.1 , 3.1.2 , 3.1.3 , 3.1.4

Advanced Data Management

Archive via file copy

You can use Splunk's CLI to copy aging data as it moves through its stages. As indexes move into the warm database ($SPLUNK_HOME/var/lib/splunk/defaultdb/db) or the cold database ($SPLUNK_HOME/var/lib/splunk/defaultdb/colddb), you can copy or move the files. To do this without stopping the Splunk server, you should first lock the directory. Unlock after the file is copied.


To use Splunk's CLI, navigate to the $SPLUNK_HOME/bin/ directory and use the ./splunk command. You can also add Splunk to your path and use the splunk command.


  1. Source the environment.

$ source $SPLUNK_HOME/bin/setSplunkEnv

  1. Run the lock command. Specify the path to the directory to lock. For example, this will lock the warm directory.

$ locktool $SPLUNK_HOME/var/lib/splunk/defaultdb/db

  1. Move the directory containing the index and data files.

$ mv $SPLUNK_HOME/var/lib/splunk/defaultdb/db/db_1181756465_1162600547_0 /home/bakunin

  1. Unlock the directory.

locktool -u $SPLUNK_HOME/var/lib/splunk/defaultdb/db

Retrieved from "http://www.splunk.com/base/Documentation/3.1.1/Tmp/AdvancedDataManagement"
Revision: 207 Contact Privacy Policy Terms of Use Community content licensed under Creative Commons

Copyright © 2005-2010 Splunk Inc. All rights reserved.