Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Migrate Splunk to a new server

erstexas
Path Finder
‎08-20-2013 08:43 AM

I will be moving an existing Splunk installation (and all the data, inputs and customizations, etc) over to a new server (Linux to Linux) and from what I gathered from all the documentation, the process would be this:

  1. Install a default Splunk installation on the new server
  2. Make sure Splunk is not running on both servers
  3. Copy the entire install directory (/opt/splunk/ in my case) from the old server to the new server overwriting all files
  4. Start Splunk on the new server

Is this the entire process for a Linux to Linux server migration? I just need clarification because there are conflicting pieces of advice on whether you copy the files over first and then install Splunk on top, or install Splunk first and then copy the files over the new installation.

Please advise.

Tags (3)
0 Karma
Reply

alacercogitatus
SplunkTrust
SplunkTrust
‎08-20-2013 08:58 AM

Depends on the version numbers. In theory, you can do this:

  1. Stop Splunk on OLD server
  2. Copy /opt/splunk to NEW server
  3. Start Splunk on NEW server.

However, if this is also your indexer, you may have to wait a looong time to transfer the indexes.

Reply

erstexas
Path Finder
‎08-20-2013 10:39 AM

Latest and greatest version - 5.0.4

And yes, this is the indexer. I'm looking at applying retention rules to the indexes before migration to hopefully reduce db sizes.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

 Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...