Deployment Architecture

How to copy configurations from the search head, heavy forwarder, and indexer cluster in one environment to a new environment?

New Member

I have a distributed 6.2.3 setup with a single Search head, an Indexer cluster and a single Heavy Forwarder. This environment is pretty "dirty" (it's in a lab for testing so it gets abused) so I have built new 6.2.3 (have to stay on this version) servers and want to copy the configuration from the dirty environment to the new environment. Basically I want server settings, licensing, authentication, clustering, distributed search... I don't care about apps and add-ons, indexes, saved searches, etc.

I recognize in copying some of the files that edits may be necessary, for example, IPs and hostnames will be different.

Is this feasible, reasonable, or am I going about this wrong? If this is the way to go, I'm not sure what files need to be copied... don't want all of $SPLUNK_HOME/etc.

Your feedback and assistance is appreciated.


0 Karma


The diag command can collect the config files into a tarball that you can copy to the new systems. You can control what data it collects. See

If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...