Multiple Splunk indexer with same $SPLUNK_DB locat...

sujoybose77 · ‎07-27-2019

Hi,
I have $SPLUNK_DB set up in a NAS storage. But the indexer is installed in a VM (say VM1) running on splunk version 6.3.4.
Now I want to migrate the indexers to another VM (VM2) with newer splunk version 6.6.12 keeping the same NAS location as $SPLUNK_DB.
Is it possible? I have heard that no two indexer will see each other's indexed files. Is that true?
In that case what approach I can take to migrate my indexer?

woodcock · ‎07-28-2019

Why would you do this? Working with VMs makes this kind of thing easy so you should not need 2 indexers at the same time. Your forwarders can buffer events for the short time that it would take to upgrade your VM/splunk and have it come back up. You are overcomplicating your situation.

sujoybose77 · ‎07-29-2019

Woodcock, We have organization limitations on VM storage that's not enough to hold large amount of indexed data

woodcock · ‎07-29-2019

You need to clarify your question. It doesn't make sense to me.

Multiple Splunk indexer with same $SPLUNK_DB location

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Developer Spotlight with Guilhem Marchand

Cisco Catalyst Center Meets Splunk ITSI: From 'Payments Are Down' to Root Cause in ...

Join the Conversation

Multiple Splunk indexer with same $SPLUNK_DB location

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Developer Spotlight with Guilhem Marchand

Cisco Catalyst Center Meets Splunk ITSI: From 'Payments Are Down' to Root Cause in ...