Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Migrate Index data from old cluster to new cluster

Yod_ssoni
Explorer
‎03-20-2018 03:10 AM

Due to increase in Splunk Data usage, we have deployed new cluster and planning to migrate few indexes to new cluster. I have checked in internet but did not find any link which show the clear steps to migrate indexed data to new cluster. Can anyone please provide the clear steps for migration. Please find below details -

Splunk Version is same in both cluster - 6.6.2 V
Existing Index Cluster - 8 Node cluster
New Index Cluster - 3 Node cluster
Need to migrate 7 Indexes from 8 node cluster to 3 node cluster.

Thanks,
Shashank Soni.

0 Karma
Reply

swmishra_splunk
Splunk Employee
Splunk Employee
‎04-16-2019 04:50 AM

For migrating the historical data from an index from old to new cluster you need to follow the below steps:-

  1. Put CM in Maintenance mode before performing the below steps.

  2. stop Splunk on the indexers (old existing cluster).

  3. copy the original buckets (not replicated) manually from the existing cluster to a different location (e.g./tmp) on the same indexers.

  4. create the index on the new indexer cluster master and push it to the new indexers.

  5. update the GUID of the new indexer cluster peers in the old indexers bucket id. (i.e. replace the current indexers GUID with the new indexers GUID at the end of the bucket name)

  6. place the buckets copied from the existing setup to the new cluster with respective bucket numbers. (bucket numbers should not conflict with each other)

  7. start indexers for the bucket to replicate to the other indexers.

  8. To get the GUID of the indexers, you can either use CM's indexer clustering page in the GUI and expand the indexer details in peers tab or navigate to the CLI of the respective indexers and check $SPLUNK_HOME/etc/instance.cfg file.

Reply
Get Updates on the Splunk Community!

Digital Resilience Assessment Launch | How prepared are you for disruption?

Disruption is inevitable. The question is – how prepared are you to handle it? In today’s fast-moving digital ...

Buttercup Games: Further Dashboarding Techniques (Part 2)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Index This | What is the next number in the series? 7,645 5,764 4,576…

February 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...