Deployment Architecture

What is the best approach to migrating search head to new server?

Hudond
Path Finder

Good Afternoon

I wanted to reach out to the community for some assistance/clarification  on the best approach to change a search head with 2 index peers to a new windows server?

We currently have one search head acting as the license master with two index peers that it is connected to.  The search head server is being decommissioned so I will need to swap out the search head and license master to the new server. 

Is there a recommended best approach to this?   

I found the following information:

How to migrate

When you migrate on *nix systems, you can extract the tar file you downloaded directly over the copied files on the new system, or use your package manager to upgrade using the downloaded package. On Windows systems, the installer updates the Splunk files automatically.

  1. Stop Splunk Enterprise services on the host from which you want to migrate.
  2. Copy the entire contents of the $SPLUNK_HOME directory from the old host to the new host. Copying this directory also copies the mongo subdirectory.
  3. Install Splunk Enterprise on the new host.
  4. Verify that the index configuration (indexes.conf) file's volume, sizing, and path settings are still valid on the new host.
  5. Start Splunk Enterprise on the new instance.
  6. Log into Splunk Enterprise with your existing credentials.
  7. After you log in, confirm that your data is intact by searching it.

here:

https://docs.splunk.com/Documentation/Splunk/7.2.3/Installation/MigrateaSplunkinstance?_ga=2.7934478....

But this seems a little to simple. 

I am unable to keep the same server name and IP address that the search head has now. 

So that got me thinking this maybe simple but I just wanted to ensure I am not missing a critical step.

Thank you

Dan

 

Labels (2)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @Hudond,

I agree with @richgalloway .

Only one additional information: if you're using Windows, don't copy the entire $SPLUNK_HOME folder, but install the same Splunk version on the new machine (with a different hostname and ip address).

then you can follow the procedure, but copying only $SPLUNK_HOME\etc folder (not the entire $SPLUNK_HOME folder), where Splunk stores all its configurations.

On Linux you can copy the entire folder, but on Windows it isn't sufficient.

Then at the end, you have to change the License master Addressing on your Indexers, so summarizing:

  • Install Splunk Enterprise on the new server.
  • Stop Splunk Enterprise services on the host from which you want to migrate.
  • Copy the entire contents of the $SPLUNK_HOME\etc directory from the old host to the new host. 
  • Start Splunk Enterprise on the new instance.
  • Log into Splunk Enterprise with your existing credentials.
  • After you log in, confirm that your data is intact by searching it.
  • Change the License Master addresses on your Indexers.

Ciao.

Giuseppe

richgalloway
SplunkTrust
SplunkTrust

How hard do you want it be?  😀

Those are the steps.  Follow them and you should be OK.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Financial Services Industry Use Cases, ITSI Best Practices, and More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Splunk Federated Analytics for Amazon Security Lake

Thursday, November 21, 2024  |  11AM PT / 2PM ET Register Now Join our session to see the technical ...

Splunk With AppDynamics - Meet the New IT (And Engineering) Couple

Wednesday, November 20, 2024  |  10AM PT / 1PM ET Register Now Join us in this session to learn all about ...