Deployment Architecture

How to migrate local summary index on standalone search head to a clustered environment on indexers?

96nick
Communicator

Hey all, just need a sanity check:

I would like to migrate a summary index located on a standalone search head to a clustered index on my indexers. This was found after setting up the monitoring console in distributed mode and running a health check.

How would I do this? I have a feeling that a scp of the local indexed data to a indexer wouldn't replicate the data evenly (unless Splunk figures this out and does some magic). An idea I had was to push a new index via the CM and change the reports to use this newly-pushed index, although that would require some dashboard modifications since this summary index is used in our email dashboard, and the old data would just be sitting there and I'd like to have as few indexes out there as possible to follow best practices.

I had a couple steps written down to do, but I'd like to get a confirmation before I give it a go:

  1. Create new index (with new name) on CM and push to indexers
  2. Stop local summary index on SH

...

Thanks for your help!

Labels (2)
Tags (1)
0 Karma
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...