Deployment Architecture

Migrating Splunk Enterprise instances to new servers, what steps do I need to follow with a deployment server?

lyndac
Contributor

I currently have a Splunk environment that consists of:
1 License Manager/Deployment Server
1 Search Head
2 Indexers
1 Universal Forwarder

For reasons beyond my control the, VMs that currently host my Search Head and Indexers are being taken away. I need to create new VMs and move the search heads and indexers to the new locations. All the servers are Linux 64 bit, same OS, and all Splunk instances are 6.3.1

From the documentation, the recommended steps are to:
1) stop the instance you want to migrate;
2) copy contents of $SPLUNK_HOME to the new server;
3) install Splunk over the old stuff;
4) start Splunk on new server.

I can't find anywhere that talks about migrating to a new server when deployment server is involved. I'm thinking I need to add the following steps:
3a) On deployment server, update the deployment-apps as required to reflect new hostnames or ips
----Do I need to update any deployment server configuration (like which servers belong to which class), or can I do that via the forward management UI when the servers connect? ----
3b) Do a reload-server

I feel like I'm missing something...does this list look complete??

Thanks!

0 Karma
1 Solution

somesoni2
SplunkTrust
SplunkTrust

I guess following configuration updates are needed

  1. You would've to update serverclass.conf on deployment server to reflect new deployment-client IP/hostname.
  2. You would've to update deploymentclient.conf on deployment-clients to reflect new deployment server IP/hostname.
  3. You would've to update the reference of License Server in server.conf on all instances (SH and Indexers and Forwarders)
  4. You would've to update distsearch.conf on Search Head to update the new search peers (Indexer) IP/hostname
  5. You would've to update outputs.conf of forwarder with new Indexer IP/hostname

I guess, updates from point 3 to 5 are being handled by deployment apps.

View solution in original post

0 Karma

rita201
Loves-to-Learn

please if you are to migrate splunk that run on just one server, e.g indexer, search heard, license master, what are the steps please?

0 Karma

somesoni2
SplunkTrust
SplunkTrust

I guess following configuration updates are needed

  1. You would've to update serverclass.conf on deployment server to reflect new deployment-client IP/hostname.
  2. You would've to update deploymentclient.conf on deployment-clients to reflect new deployment server IP/hostname.
  3. You would've to update the reference of License Server in server.conf on all instances (SH and Indexers and Forwarders)
  4. You would've to update distsearch.conf on Search Head to update the new search peers (Indexer) IP/hostname
  5. You would've to update outputs.conf of forwarder with new Indexer IP/hostname

I guess, updates from point 3 to 5 are being handled by deployment apps.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...