How to copy configurations from the search head, h...

bit_bucket · ‎01-21-2016

I have a distributed 6.2.3 setup with a single Search head, an Indexer cluster and a single Heavy Forwarder. This environment is pretty "dirty" (it's in a lab for testing so it gets abused) so I have built new 6.2.3 (have to stay on this version) servers and want to copy the configuration from the dirty environment to the new environment. Basically I want server settings, licensing, authentication, clustering, distributed search... I don't care about apps and add-ons, indexes, saved searches, etc.

I recognize in copying some of the files that edits may be necessary, for example, IPs and hostnames will be different.

Is this feasible, reasonable, or am I going about this wrong? If this is the way to go, I'm not sure what files need to be copied... don't want all of $SPLUNK_HOME/etc.

Your feedback and assistance is appreciated.

Thanks.

richgalloway · ‎01-21-2016

The diag command can collect the config files into a tarball that you can copy to the new systems. You can control what data it collects. See http://docs.splunk.com/Documentation/Splunk/6.3.1511/Troubleshooting/Generateadiag.

---
If this reply helps you, an upvote would be appreciated.

How to copy configurations from the search head, heavy forwarder, and indexer cluster in one environment to a new environment?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>

How to copy configurations from the search head, heavy forwarder, and indexer cluster in one environment to a new environment?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE! Catch Up Now >>

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>