I suppose this is a multi-question post.
We have a clustered environment and are replacing the hardware our search head lives on currently. We have 1 search head, 2 indexers (clustered), and a deployment server/cluster master/license master all in one. Our environment is entirely Windows and last I checked, search head clustering on Windows is not an option.
The new box will have a new IP and a new hostname.
My question is: Has anyone done this in the past? If so, is it as simple as transferring all of the Splunk files (d:\program files\splunk\*.*) to the new box? Or is there a subset of files/directories that I can simply transfer (users/searches/stuff like that)?
The issue I see standing out is obviously the name change, and probably why transferring all files over would be a bad idea 🙂
Thanks!
As of Splunk Enterprise 6.3, search head clustering is supported on Windows.
You can get away with copying over all the files. Then just edit $SPLUNK_HOME\etc\system\local\server.conf with the updated server information and restart Splunk.
Just don't toss the old search head until you are sure the new one works! 🙂
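The server.conf edit described in the answer above, as an added example that is not part of the original thread: a Python sketch that sets `serverName` in the `[general]` stanza of a copied server.conf and lists any lines that still mention the old hostname. It assumes "updated server information" means the `serverName` setting; the host names and sample file contents are constructed.

```python
import re

STANZA = re.compile(r"^\s*\[(?P<name>[^\]]+)\]\s*$")
KEY = re.compile(r"^\s*serverName\s*=")

# Constructed sample of a server.conf copied from the old search head.
SAMPLE = """\
# copied from OLD-SH01
[general]
serverName = OLD-SH01
pass4SymmKey = <encrypted value>

[sslConfig]
sslPassword = <encrypted value>
"""


def set_server_name(conf_text, new_name):
    """Return conf_text with serverName in [general] set to new_name."""
    out, stanza, done = [], None, False
    for line in conf_text.splitlines():
        m = STANZA.match(line)
        if m:
            # Leaving [general] without having seen the key: add it first.
            if stanza == "general" and not done:
                out.append(f"serverName = {new_name}")
                done = True
            stanza = m.group("name").strip()
        elif stanza == "general" and KEY.match(line):
            if done:
                continue  # drop a duplicate serverName line
            line, done = f"serverName = {new_name}", True
        out.append(line)
    if not done:
        # No usable [general] stanza content: create what is missing.
        if stanza != "general":
            out.append("[general]")
        out.append(f"serverName = {new_name}")
    return "\n".join(out) + "\n"


def stale_references(conf_text, old_name):
    """Return (line_number, line) pairs that still mention the old hostname."""
    needle = old_name.lower()
    return [(n, l) for n, l in enumerate(conf_text.splitlines(), 1)
            if needle in l.lower()]


if __name__ == "__main__":
    updated = set_server_name(SAMPLE, "NEW-SH01")
    print(updated)
    print("Still mentions old host:", stale_references(updated, "OLD-SH01"))
```

Running `stale_references` over the other copied .conf files as well shows where the old hostname survives outside server.conf before the old search head is retired.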
Thanks so much!