I have a fortinet index that I would like to migrate to a 2 instance cluster ( one is having the data other indexer is not having the data). I have the following files on my indexer folder
colddb datamodel_summary db thaweddb
I have tried copying the guide and renaming the file to
colddb_XXXX datamodel_summary_XXXX db_XXXX thaweddb_XXXX
When I start Splunk back again nothing gets clustered instead it just creates new folders and does nothing. Can anyone tell me what I am doing wrong here?
I am trying to join this server into the cluster. This server is not part of the cluster earlier. So this index was residing on the cluster before i tried to join on to the cluster. So your solution wont work here. Sorry.
Ah, I see. See if these links help you,
for data you want to become clustered, you'll want to rename the folders inside these folders (db/ colddb/ datamodel_summary/) into its clustered version. for example.
should be renamed
on startup, the Splunk indexer will infer that these individual buckets are clustered buckets because of the existence of "_GUID" at the end of folder name.
Thanks for your assistance. But it doesnt seem to be working. Actually i read the exact same method that you suggested somewhere else as well. I might be missing some crucial step here. I have an index called web inside the web folder there is db and inside db is the folder
my guid is : C8F87DC9-9F30-4747-A1A4-8D4186FF4DBE
so i renamed my db into folder inside db into
and i restarted the individual indexer. but nothing seems to be happening. Do i have to restart the cluster master as well to kick this thing off?
Hey ranjit, have you made the index a clustered index? you'll need to set repFactor=auto for all indexes you'd like to be clustered (on the cluster master etc/master-apps/_cluster/local/indexes.conf, and then push the cluster bundle)