Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Migrating ITSI from shared search head to dedicated search head?

jtsplunk
Splunk Employee
Splunk Employee
‎08-15-2017 10:22 AM

I'm looking to migrate ITSI 2.4 (IT Service Intelligence), which is on a shared, clustered set of search heads (SH)'s, to a dedicated SH running ITSI 2.6.

Is there a guide or how-to on how this might be accomplished? What sort of directories and configuration information should be moved/copied to the new location?

Thank you.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

skoelpin
SplunkTrust
SplunkTrust
‎08-15-2017 08:13 PM

ITSI uses the kv-store to maintain its data. You can run a simple backup and apply it to your dedicated search head ( I did this exact same thing last week)

To test it, you can take the backup, restore the backup on your new search head and verify your services and KPI's are populating correctly. This assumes your dedicated SH is searching the same indexers as your shared SH.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

skoelpin
SplunkTrust
SplunkTrust
‎08-15-2017 08:13 PM

ITSI uses the kv-store to maintain its data. You can run a simple backup and apply it to your dedicated search head ( I did this exact same thing last week)

To test it, you can take the backup, restore the backup on your new search head and verify your services and KPI's are populating correctly. This assumes your dedicated SH is searching the same indexers as your shared SH.

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎08-15-2017 12:46 PM

I believe Backup and Restore option would work for you. See this for more information: https://docs.splunk.com/Documentation/ITSI/2.6.1/Configure/BackupandRestoreITSIconfig

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...