Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Best practices when migrating a Windows search head to new physical hardware in an indexer clustering environment?

hagjos43
Contributor
‎02-02-2016 10:01 AM

I suppose this is a multi-question post.

We have a clustered environment and are replacing the hardware our search head lives on currently. We have 1 search head, 2 indexers (clustered), and a deployment server/cluster master/license master all in one. Our environment is entirely Windows and last I checked, Search head clustering on Windows is not an option.

The new box will have a new IP and a new hostname.

My question is: Has anyone done this in the past? If so, is it as simple as transferring all of the Splunk files ( d:\program files\splunk\*.*) to the new box? Or is there a subset of files/directories that I can simply transfer (user's/searches/stuff like that).

The issue I see standing out is obviously the name change, and probably why transferring all files over would be a bad idea 🙂

Thanks!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

lguinn2
Legend
‎02-02-2016 11:13 AM

As of Splunk Enterprise 6.3, search head clustering is supported on Windows.

You can get away with copying over all the files. Then just edit $SPLUNK_HOME\etc\system\local\server.conf
with the updated server information and restart Splunk.

Just don't toss the old search head until you are sure the new one works! 🙂

View solution in original post

Reply
Solved! Jump to solution
Solution

lguinn2
Legend
‎02-02-2016 11:13 AM

As of Splunk Enterprise 6.3, search head clustering is supported on Windows.

You can get away with copying over all the files. Then just edit $SPLUNK_HOME\etc\system\local\server.conf
with the updated server information and restart Splunk.

Just don't toss the old search head until you are sure the new one works! 🙂

Reply
Solved! Jump to solution

hagjos43
Contributor
‎02-02-2016 11:19 AM

Thanks so much!

0 Karma
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...