splunk - 切换默认的日志存储目录
访问量: 30
refer to: https://www.doubao.com/thread/wadbb0a22724175ac
sudo /opt/splunk/bin/splunk stop
sudo /opt/splunk/bin/splunk status
# 创建目标目录并授权
sudo mkdir -p /data/splunk_db
sudo chown -R splunk:splunk /data/splunk_db
sudo chmod -R 700 /data/splunk_db
# 迁移默认数据目录(默认 SPLUNK_DB 为 /opt/splunk/var/lib/splunk)
sudo cp -a /opt/splunk/var/lib/splunk/* /data/splunk_db/
Splunk 的核心配置文件为 /opt/splunk/etc/splunk-launch.conf,直接修改该文件:
SPLUNK_DB=/data/splunk_db
# 重启 Splunk
sudo /opt/splunk/bin/splunk start
(可选)sudo rm -rf /opt/splunk/var/lib/splunk/*