Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

movin an index to new server

gudavasr
Path Finder
‎06-01-2012 04:03 PM

Hi,

I am moving entire index from one server to another server. I am using deployment server to deploy the index and/of forwarder.
So, I deployed forwarder and searchhead on new box.
This is what I am planning:

1) stop splunk on old indstance (both forwarder and search head process)
2) copy entire index folders to new server
3) start splunk on new server.

Should I need to start splunk procesees before moving indexes or after moving indexes after initial installation? Because I think starting splunk on new server after initial installation will create some default directoris. And I think if I copy indexes prior to restart..it may overwrite and will have issues.
Also, how to make sure permissions set are correct when moving from one server to another?

Thank You.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Paolo_Prigione
Builder
‎06-04-2012 05:56 AM

You can copy the index files before starting splunk.
If you are on a linux box, archive/unarchive with tar and it will retain the proper permissions.
In case the userid(uid) or groupid (gid) on the new box are different, run

chown -R splunkuser:splunkgroup $SPLUNK_HOME/var/lib/splunk

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Paolo_Prigione
Builder
‎06-04-2012 05:56 AM

You can copy the index files before starting splunk.
If you are on a linux box, archive/unarchive with tar and it will retain the proper permissions.
In case the userid(uid) or groupid (gid) on the new box are different, run

chown -R splunkuser:splunkgroup $SPLUNK_HOME/var/lib/splunk
0 Karma
Reply
Solved! Jump to solution

gudavasr
Path Finder
‎06-06-2012 12:54 PM

ok..thanks that worked.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

 Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...