Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to migrate Heavy Forwarder from Windows server to Linux Server

Jagadeesh2022
Path Finder
‎11-12-2022 10:09 AM

Hi All,

Currently we are using 3 Heavy Forwarder in Windows server. Due to budget problem we are planning to move all HF to Linux server. 

Kindly guide and suggest how to move HF from Windows to Linux. 

How to copy to already installed apps and existing settings and configuration files from windows to Linux?

Thank in advance for your reply.

 

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎11-12-2022 05:35 PM

Splunk config files and most apps are platform-agnostic.  The files can be copied directly from %SPLUNK_HOME%/etc/system to $SPLUNK_HOME/etc/system and from %SPLUNK_HOME%/etc/apps to $SPLUNK_HOME/etc/apps.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎11-13-2022 01:18 AM

Hi @Jagadeesh2022,

as @richgalloway said, you can use the same configurations passing from Windows to Linux, you have only to put attention on to issues:

  • if you have to read local files, you have to change the path ("/" instead of "\") of the files to read,
  • you need of TA-Linux instead TA-Windows to monitor the machine. 

One addition information: You said that you have to change for budget reasons, in general, I hint to use Linux instead Windows in all the servers to run Splunk: I never saw large Splunk production infrastructures using Windows!

Ciao.

Giuseppe

Reply
Solved! Jump to solution

Jagadeesh2022
Path Finder
‎11-15-2022 08:37 AM

Thank you @gcusello 

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎11-12-2022 05:35 PM

Splunk config files and most apps are platform-agnostic.  The files can be copied directly from %SPLUNK_HOME%/etc/system to $SPLUNK_HOME/etc/system and from %SPLUNK_HOME%/etc/apps to $SPLUNK_HOME/etc/apps.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

Jagadeesh2022
Path Finder
‎11-15-2022 08:37 AM

Thank you @richgalloway 

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...