Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to migrate local summary index on standalone search head to a clustered environment on indexers?

96nick
Communicator
‎10-02-2020 08:41 AM

Hey all, just need a sanity check:

I would like to migrate a summary index located on a standalone search head to a clustered index on my indexers. This was found after setting up the monitoring console in distributed mode and running a health check.

How would I do this? I have a feeling that a scp of the local indexed data to a indexer wouldn't replicate the data evenly (unless Splunk figures this out and does some magic). An idea I had was to push a new index via the CM and change the reports to use this newly-pushed index, although that would require some dashboard modifications since this summary index is used in our email dashboard, and the old data would just be sitting there and I'd like to have as few indexes out there as possible to follow best practices.

I had a couple steps written down to do, but I'd like to get a confirmation before I give it a go:

  1. Create new index (with new name) on CM and push to indexers
  2. Stop local summary index on SH

...

Thanks for your help!

Labels (2)
Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

The All New Performance Insights for Splunk

Splunk gives you amazing tools to analyze system data and make business-critical decisions, react to issues, ...

Good Sourcetype Naming

When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...
Top