Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can I migrate to a new Splunk server without re-configuring forwarders?

bayman
Path Finder
‎05-19-2017 10:44 AM

I'd like to change my Splunk server to a different Linux distribution from Fedora to Centos. Indexer, search head and splunk web is all running off of one singer server for now. If I give the new Splunk server the same IP as the existing server after shutting down the old server, do I need to do any reconfiguration of all my splunk forwarders?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎05-19-2017 02:21 PM

Correct; as long as your new server has the same IP address (or hostname, depending on what you had in your configuration files, e.g. outputs.conf), everything will work just fine. Since you are going back and "getting things right", you should make sure that you setup both a Deployment Server and a Management Console, too.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎05-19-2017 02:21 PM

Correct; as long as your new server has the same IP address (or hostname, depending on what you had in your configuration files, e.g. outputs.conf), everything will work just fine. Since you are going back and "getting things right", you should make sure that you setup both a Deployment Server and a Management Console, too.

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎05-19-2017 10:59 AM

are the forwarders outputs.conf is by IP or servername?

0 Karma
Reply
Solved! Jump to solution

bayman
Path Finder
‎05-19-2017 11:07 AM

It is by IP

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎05-19-2017 11:36 AM

will ask community to verify but i think you will be fine

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎05-19-2017 11:54 AM

I believe they should be fine. Is your standalone instance a Deployment server as well?

0 Karma
Reply
Solved! Jump to solution

bayman
Path Finder
‎05-19-2017 12:05 PM

Forwarder management was never configured on this instance. All the apps and forwarders were manually deployed and configured from each host.

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎05-19-2017 12:56 PM

So, as long as new standalone servers is same network configuration (IP, Firewall rule/cname etc if any), this should work just fine.

0 Karma
Reply
Get Updates on the Splunk Community!

The All New Performance Insights for Splunk

Splunk gives you amazing tools to analyze system data and make business-critical decisions, react to issues, ...

Good Sourcetype Naming

When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...