Deployment Architecture

How to migrate an index from a single instance to a clustered index?

ranjitbrhm1
Communicator

hello everyone

I have a fortinet index that I would like to migrate to a 2 instance cluster ( one is having the data other indexer is not having the data). I have the following files on my indexer folder

colddb
datamodel_summary
db
thaweddb

I have tried copying the guide and renaming the file to

colddb_XXXX
datamodel_summary_XXXX
db_XXXX
thaweddb_XXXX

When I start Splunk back again nothing gets clustered instead it just creates new folders and does nothing. Can anyone tell me what I am doing wrong here?
Thanks

0 Karma
1 Solution

dxu_splunk
Splunk Employee
Splunk Employee

for data you want to become clustered, you'll want to rename the folders inside these folders (db/ colddb/ datamodel_summary/) into its clustered version. for example.

db/db_A_B_0
db/db_C_D_1

should be renamed

db/db_A_B_0_GUID
db/db_C_D_1_GUID

on startup, the Splunk indexer will infer that these individual buckets are clustered buckets because of the existence of "_GUID" at the end of folder name.

View solution in original post

dxu_splunk
Splunk Employee
Splunk Employee

for data you want to become clustered, you'll want to rename the folders inside these folders (db/ colddb/ datamodel_summary/) into its clustered version. for example.

db/db_A_B_0
db/db_C_D_1

should be renamed

db/db_A_B_0_GUID
db/db_C_D_1_GUID

on startup, the Splunk indexer will infer that these individual buckets are clustered buckets because of the existence of "_GUID" at the end of folder name.

ranjitbrhm1
Communicator

Thanks for your assistance. But it doesnt seem to be working. Actually i read the exact same method that you suggested somewhere else as well. I might be missing some crucial step here. I have an index called web inside the web folder there is db and inside db is the folder
db_1523802056_1523197336_0
my guid is : C8F87DC9-9F30-4747-A1A4-8D4186FF4DBE
so i renamed my db into folder inside db into
db_1523802056_1523197336_0_C8F87DC9-9F30-4747-A1A4-8D4186FF4DBE
and i restarted the individual indexer. but nothing seems to be happening. Do i have to restart the cluster master as well to kick this thing off?

0 Karma

dxu_splunk
Splunk Employee
Splunk Employee

Hey ranjit, have you made the index a clustered index? you'll need to set repFactor=auto for all indexes you'd like to be clustered (on the cluster master etc/master-apps/_cluster/local/indexes.conf, and then push the cluster bundle)

ranjitbrhm1
Communicator

Now its replicating. Thanks.

0 Karma

sudosplunk
Motivator

Hello, please have a look at below for detailed and better explanation.

http://docs.splunk.com/Documentation/Splunk/7.1.2/Indexer/Migratenon-clusteredindexerstoaclustereden...

0 Karma

ranjitbrhm1
Communicator

I am trying to join this server into the cluster. This server is not part of the cluster earlier. So this index was residing on the cluster before i tried to join on to the cluster. So your solution wont work here. Sorry.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...