I have a distributed 6.2.3
setup with a single Search head
, an Indexer cluster
and a single Heavy Forwarder
. This environment is pretty "dirty" (it's in a lab for testing so it gets abused) so I have built new 6.2.3 (have to stay on this version) servers and want to copy the configuration from the dirty environment to the new environment. Basically I want server settings, licensing, authentication, clustering, distributed search... I don't care about apps and add-ons, indexes, saved searches, etc.
I recognize in copying some of the files that edits may be necessary, for example, IPs and hostnames will be different.
Is this feasible, reasonable, or am I going about this wrong? If this is the way to go, I'm not sure what files need to be copied... don't want all of $SPLUNK_HOME/etc
.
Your feedback and assistance is appreciated.
Thanks.
The diag command can collect the config files into a tarball that you can copy to the new systems. You can control what data it collects. See http://docs.splunk.com/Documentation/Splunk/6.3.1511/Troubleshooting/Generateadiag.