Getting Data In

Migrating Splunk Enterprise from one machine to other

chintan_shah
Path Finder

Hi,

I need to migrate Splunk Enterprise from one machine to other machine. Currently I am running Splunk 6.4 and wants it to run on Splunk 6.6.

Could someone suggest me the steps to do the same? Should i install Splunk Enterprise 6.4 in new machine and then move all the indexers or then upgrade? or should i install Splunk 6.6 and then move all the indexers?

Tags (1)
0 Karma
1 Solution

rphillips_splk
Splunk Employee
Splunk Employee

@chintan_shah

You could upgrade to 6.6 on the old machine, install Splunk Enterprise 6.6 on the new machine and then follow steps to migrate a Splunk instance :

https://docs.splunk.com/Documentation/Splunk/6.6.3/Installation/MigrateaSplunkinstance

View solution in original post

rphillips_splk
Splunk Employee
Splunk Employee

@chintan_shah

You could upgrade to 6.6 on the old machine, install Splunk Enterprise 6.6 on the new machine and then follow steps to migrate a Splunk instance :

https://docs.splunk.com/Documentation/Splunk/6.6.3/Installation/MigrateaSplunkinstance

chintan_shah
Path Finder

Hi @rphillips,
As per the documentation, they have mentioned to install Splunk after you have moved the data from one machine to other machine.

0 Karma

rphillips_splk
Splunk Employee
Splunk Employee

@chintan_shah there shouldn't be an issue if you upgrade the old instance first then proceed with copying the entire contents of the $SPLUNK_HOME directory from the old host to the new host. or you can follow the steps from our docs:

1.]Stop Splunk Enterprise on the host from which you want to migrate.
2.]Copy the entire contents of the $SPLUNK_HOME directory from the old host to the new host.
3.]Install the appropriate version of Splunk Enterprise for the target platform.
4.]Confirm that index configuration files (indexes.conf) contain the correct location and path specification for any non-default indexes.
5.]Start Splunk Enterprise on the new instance.
6.]Log into Splunk Enterprise with your existing credentials.
7.]After you log in, confirm that your data is intact by searching it.

0 Karma

chintan_shah
Path Finder

Hi @rphillips,

I have various apps,lookups,schedule searches, reports, dashboards and config file changes. Should all this files be present at Search Head or Indexer?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...