Re: Move bucket between 2 different Splunks

hketer · ‎12-10-2019

Hi Everyone!

I've tested the transferring buckets between 2 different Splunks, both of them are Win.
Transferred .bucketManifest file and hot_v1_0 folder from the old Splunk to the New.
After restart I still cant see the data.
I also tried to transfer the the db folder .

What am I missing?
Please assist.

Thank you!! 🙂

schose · ‎12-10-2019

Hi,

you can just copy one index to another host (as far as there are single-instances) - there are no issues with that. just make sure your settings for indexes.conf are the same and file permissions are set accordingly.

This also works for clustered enviorments with a little more efford.

Regards,

Andreas

hketer · ‎12-10-2019

Thank you for answering!
I did all of these and yet I cant search the data.

hketer · ‎12-10-2019

Splunk version - Win 7.3

Move bucket between 2 different Splunks

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation