Deployment Architecture

How to copy configurations from the search head, heavy forwarder, and indexer cluster in one environment to a new environment?

New Member

I have a distributed 6.2.3 setup with a single Search head, an Indexer cluster and a single Heavy Forwarder. This environment is pretty "dirty" (it's in a lab for testing so it gets abused) so I have built new 6.2.3 (have to stay on this version) servers and want to copy the configuration from the dirty environment to the new environment. Basically I want server settings, licensing, authentication, clustering, distributed search... I don't care about apps and add-ons, indexes, saved searches, etc.

I recognize in copying some of the files that edits may be necessary, for example, IPs and hostnames will be different.

Is this feasible, reasonable, or am I going about this wrong? If this is the way to go, I'm not sure what files need to be copied... don't want all of $SPLUNK_HOME/etc.

Your feedback and assistance is appreciated.


0 Karma


The diag command can collect the config files into a tarball that you can copy to the new systems. You can control what data it collects. See

If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...