Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How to migrate Splunk Heavy Forwarder to a new server?

lucas4394
Path Finder
‎07-30-2020 09:43 AM

Hi all, how to migrate Splunk Heavy Forwarder to a new server?  

Thanks.

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎07-30-2020 12:37 PM

Hi

remember that you must copy splunk.secret before you start HF first time. 
Otherwise your plan should work. If there are some other apps with different versions I would like to start with current version and then update it. Of course there are some exceptions for that. And remember shutdown those apps/inputs before you copy data and checkpoints to the new HF otherwise there will be duplicate events. 
r. Ismo

View solution in original post

Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎07-30-2020 09:46 AM

Hi

is it mandatory to migrate it or just add new one and remove old when the new is in the use?

r. Ismo

0 Karma
Reply
Solved! Jump to solution

lucas4394
Path Finder
‎07-30-2020 10:20 AM

Hi @isoutamo , thank you for your quick response.  We are going to retire the old servers and it is mandatory to migrate the Heavy Forwarder to the new servers.  My major concern is there are lots of apps with module inputs, api call, dbconnect, etc. with encrypted password or security keys on the HF, and last checkpoints are might be stored some common folders, etc.  What is the best way to handle them?  Thanks.

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎07-30-2020 10:40 AM

Can you do rpm installations and then rsync data’s and applications from here old one or do you need to update versions at the same time or later?

r. Ismo

0 Karma
Reply
Solved! Jump to solution

lucas4394
Path Finder
‎07-30-2020 11:10 AM

Hi @isoutamo , my initial plan was to install the new version of Splunk on the new server, then migrate apps by apps to the new one, but  I don't have confidence for my approach due to encrypted password and last checkpoint from the apps.

0 Karma
Reply
Solved! Jump to solution

ChrisH
Explorer
‎07-30-2020 11:40 AM

Copying the splunk.secret from the old heavy forwarder to the new one should help with the passwords.

Reply
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎07-30-2020 12:37 PM

Hi

remember that you must copy splunk.secret before you start HF first time. 
Otherwise your plan should work. If there are some other apps with different versions I would like to start with current version and then update it. Of course there are some exceptions for that. And remember shutdown those apps/inputs before you copy data and checkpoints to the new HF otherwise there will be duplicate events. 
r. Ismo

Reply
Solved! Jump to solution

lucas4394
Path Finder
‎07-30-2020 03:47 PM

thanks.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...