Deployment Architecture

What is the best process for transferring apps and user data to new search heads in AWS?

goodsellt
Contributor

We're planning on setting up replacement search heads in AWS for some current on prem search heads being phased out. Our plan was to copy over the etc/apps directory and the etc/users folder so we would transfer the apps and user data over (all the config info is also stored in etc/apps so we don't need to transfer auth or system).

Has anyone tried this method and know if it will work as we plan on doing it? In our case the servers will have different names and GUIDs so I'm not sure how that will affect the objects.

0 Karma
1 Solution

woodcock
Esteemed Legend

Assuming that no setup.xml was in the app (most do not have this), then just copy it directly from $SPLUNK_HOME/etc/apps/* from CLI. You do not even have to stop splunk on the source Search Head. If you only have GUI, then use this great app:

https://splunkbase.splunk.com/app/2613/

View solution in original post

0 Karma

woodcock
Esteemed Legend

Assuming that no setup.xml was in the app (most do not have this), then just copy it directly from $SPLUNK_HOME/etc/apps/* from CLI. You do not even have to stop splunk on the source Search Head. If you only have GUI, then use this great app:

https://splunkbase.splunk.com/app/2613/

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...