HI @chandupatlaMoun ,
The Splunk migration to Cloud is a job that should be planned and designed at least by a Splunk Certified Architect, It isn't a matter for a question in Community.
My first answer is to read the SCMA methodology and follow it.
I just finished a project for this, so I summarize the main steps to adapt to you infrastructure:
- analyze your perimeter and define a list of hosts, separating the ones on premise and the ones from cloud,
- analyze your data and define a list of Data Sources related to the perimeter.
- install at least two Heavy Forwarders as Concentrators for all the on premise traffic, this is mandatory to avoid to open a connection between all your hosts and Splunk Cloud.
- check the compatibility of your apps with Splunk Cloud:
- standard apps on Splunkbase,
- custom apps using Appinspect,
- identify the standard app to install on Splunk Cloud,
- solve the issues that you'll surely have on your custom apps,
- install all the standard apps on your Splunk Cloud instance (included all the Add-Ons),
- upload all the custom apps,
- move all the data sources to send logs to the HFs (Concentrators),
- enable Cloud Data Sources using the Add-Ons that Splunk supply,
- check the data sources.
This is a quick and dirty summarization, but, as i already said, this is a job for a Splunk Architect.
Ciao.
Giuseppe
