Deployment Architecture

What is the best process for transferring apps and user data to new search heads in AWS?

goodsellt
Contributor

We're planning on setting up replacement search heads in AWS for some current on prem search heads being phased out. Our plan was to copy over the etc/apps directory and the etc/users folder so we would transfer the apps and user data over (all the config info is also stored in etc/apps so we don't need to transfer auth or system).

Has anyone tried this method and know if it will work as we plan on doing it? In our case the servers will have different names and GUIDs so I'm not sure how that will affect the objects.

0 Karma
1 Solution

woodcock
Esteemed Legend

Assuming that no setup.xml was in the app (most do not have this), then just copy it directly from $SPLUNK_HOME/etc/apps/* from CLI. You do not even have to stop splunk on the source Search Head. If you only have GUI, then use this great app:

https://splunkbase.splunk.com/app/2613/

View solution in original post

0 Karma

woodcock
Esteemed Legend

Assuming that no setup.xml was in the app (most do not have this), then just copy it directly from $SPLUNK_HOME/etc/apps/* from CLI. You do not even have to stop splunk on the source Search Head. If you only have GUI, then use this great app:

https://splunkbase.splunk.com/app/2613/

0 Karma
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...