Deployment Architecture

What is the best process for transferring apps and user data to new search heads in AWS?

goodsellt
Contributor

We're planning on setting up replacement search heads in AWS for some current on prem search heads being phased out. Our plan was to copy over the etc/apps directory and the etc/users folder so we would transfer the apps and user data over (all the config info is also stored in etc/apps so we don't need to transfer auth or system).

Has anyone tried this method and know if it will work as we plan on doing it? In our case the servers will have different names and GUIDs so I'm not sure how that will affect the objects.

0 Karma
1 Solution

woodcock
Esteemed Legend

Assuming that no setup.xml was in the app (most do not have this), then just copy it directly from $SPLUNK_HOME/etc/apps/* from CLI. You do not even have to stop splunk on the source Search Head. If you only have GUI, then use this great app:

https://splunkbase.splunk.com/app/2613/

View solution in original post

0 Karma

woodcock
Esteemed Legend

Assuming that no setup.xml was in the app (most do not have this), then just copy it directly from $SPLUNK_HOME/etc/apps/* from CLI. You do not even have to stop splunk on the source Search Head. If you only have GUI, then use this great app:

https://splunkbase.splunk.com/app/2613/

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...