Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

move single index to another indexer using replication?

mfrost8
Builder
‎03-12-2014 10:49 AM

I see the whole "how do I move an index from one indexer to another" question has been asked before. I see there's even a wiki entry about it. However, it looks like those are all relatively old questions/answers. I'm pretty sure those all pre-date Splunk 6.

I was curious if perhaps there's some newer method to copy an index that might involve index replication of some sort nowadays? The amount of data I have to move is fairly large and I have to move it across a WAN. It's actually an index that's auto-loadbalanced on two servers in one datacenter that I'd want to move to two other servers in another datacenter. I thought it would sure be handy if I could do something like turn on replication, let that data sync behind the scenes for a week say, then just turn the indexes off on the current servers and be done with it.

I don't suppose there is such a thing with Splunk 6? If not, then I assume the answer is still what's in the wiki.

Thanks

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-12-2014 11:30 AM

Index replication in the Splunk 5+ cluster sense doesn't replicate old buckets, and often isn't a good idea over a WAN anyway.

I'd set up a rate-limited rsync to copy over cold and warm buckets, grabbing new warm buckets once they stopped being hot. Once that's moved everything except currently hot buckets you can stop indexing on the old machines, move over the remaining buckets, and start indexing on the new machines - assuming you want to switch rather than just replicate.

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...