Hey all, just need a sanity check:
I would like to migrate a summary index located on a standalone search head to a clustered index on my indexers. This was found after setting up the monitoring console in distributed mode and running a health check.
How would I do this? I have a feeling that a scp of the local indexed data to a indexer wouldn't replicate the data evenly (unless Splunk figures this out and does some magic). An idea I had was to push a new index via the CM and change the reports to use this newly-pushed index, although that would require some dashboard modifications since this summary index is used in our email dashboard, and the old data would just be sitting there and I'd like to have as few indexes out there as possible to follow best practices.
I had a couple steps written down to do, but I'd like to get a confirmation before I give it a go:
- Create new index (with new name) on CM and push to indexers
- Stop local summary index on SH
...
Thanks for your help!
