Deployment Architecture

Can I migrate to a new Splunk server without re-configuring forwarders?

bayman
Path Finder

I'd like to change my Splunk server to a different Linux distribution from Fedora to Centos. Indexer, search head and splunk web is all running off of one singer server for now. If I give the new Splunk server the same IP as the existing server after shutting down the old server, do I need to do any reconfiguration of all my splunk forwarders?

0 Karma
1 Solution

woodcock
Esteemed Legend

Correct; as long as your new server has the same IP address (or hostname, depending on what you had in your configuration files, e.g. outputs.conf), everything will work just fine. Since you are going back and "getting things right", you should make sure that you setup both a Deployment Server and a Management Console, too.

View solution in original post

0 Karma

woodcock
Esteemed Legend

Correct; as long as your new server has the same IP address (or hostname, depending on what you had in your configuration files, e.g. outputs.conf), everything will work just fine. Since you are going back and "getting things right", you should make sure that you setup both a Deployment Server and a Management Console, too.

0 Karma

adonio
Ultra Champion

are the forwarders outputs.conf is by IP or servername?

0 Karma

bayman
Path Finder

It is by IP

0 Karma

adonio
Ultra Champion

will ask community to verify but i think you will be fine

0 Karma

somesoni2
Revered Legend

I believe they should be fine. Is your standalone instance a Deployment server as well?

0 Karma

bayman
Path Finder

Forwarder management was never configured on this instance. All the apps and forwarders were manually deployed and configured from each host.

0 Karma

somesoni2
Revered Legend

So, as long as new standalone servers is same network configuration (IP, Firewall rule/cname etc if any), this should work just fine.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...