Splunk Search

how to copy of entire splunk instances to another instance?

marisstella
Explorer

Hii Everyone,
I want to move all the knowledge objects and everything from one splunk instance to another instance... Simply mirroring of splunk to another machine. The new instance should act as old instance in a different machine.. I have already installed one Splunk in new machine now I want to copy everything from another machine to this new machine...
How can I copy everything in a single shot?

0 Karma

nabeel652
Builder

whatever is below your /SPLUNK_HOME/etc/ folder copy it to your new instance same location. Also copy your Splunk db path to indexes which by default is /SPLUNK_HOME/var/lib/splunk/ or you can check under

Settings -> Server Settings -> General Settings -> Path to Indexes

You will have to stop Splunk on both source & destination instances to get the hot buckets rolled out to warm/cold buckets.

Carefully read this documentation before proceeding:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Installation/MigrateaSplunkinstance

0 Karma

marisstella
Explorer

Thanks for your quick reply....
Here we are actually upgrading our PRD environment to latest version directly.. So we wanted to check all the apps are running perfectly on the new dummy instance.. I have already done splunk setup on new machine..
We just need to make sure apps are running fine with new vesion.. Could you please answer to following questions?
1)Do I need to copy files ONLY from/SPLUNK_HOME/etc/?
2) Do I need to connect this dummy instance to license master?
3) Do I need to do anything else on this process?

0 Karma

nabeel652
Builder

As the documentation says you will need to copy /SPLUNK_HOME/*. In that way you'll also export all the lib and binary files as well.

No one can tell you before hand what is coming your way as this process can go like a breeze or may cause lots of problems. You can afford license violation warning on the new instance so I would say link it to the licensing master after migration.

You will need to:

  • Stop Splunk Enterprise on the host from which you want to migrate.
  • Copy the entire contents of the $SPLUNK_HOME directory from the old host to the new host.
  • Install the appropriate version of Splunk Enterprise for the target platform.
  • Confirm that index configuration files (indexes.conf) contain the correct location and path specification for any non-default indexes.
  • Start Splunk Enterprise on the new instance.
  • Log into Splunk Enterprise with your existing credentials.
  • After you log in, confirm that your data is intact by searching it.
0 Karma

marisstella
Explorer

Hiii, i took tgz file of
SPLUNK_HOME to new device... Just used start command, it is working fine now... you cleared my doubt.. thanks..
1 last Q, let's say, if some apps/users or any knowledge objects are added to old SearchHead (old machine), now i tries copying them individually and pasted under there respective places like users==> etc/users
After that restarted SH of new machine but i wasn't worked..
So my question is, how do i add newly added apps or any knowledge objects of old machine to new machine manually?? (Like by copy and pasting the files)

0 Karma

marisstella
Explorer

Hi nabeel652,
Can you please look into my query?

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...