Multiple Splunk indexer with same $SPLUNK_DB locat...

sujoybose77 · ‎07-27-2019

Hi,
I have $SPLUNK_DB set up in a NAS storage. But the indexer is installed in a VM (say VM1) running on splunk version 6.3.4.
Now I want to migrate the indexers to another VM (VM2) with newer splunk version 6.6.12 keeping the same NAS location as $SPLUNK_DB.
Is it possible? I have heard that no two indexer will see each other's indexed files. Is that true?
In that case what approach I can take to migrate my indexer?

woodcock · ‎07-28-2019

Why would you do this? Working with VMs makes this kind of thing easy so you should not need 2 indexers at the same time. Your forwarders can buffer events for the short time that it would take to upgrade your VM/splunk and have it come back up. You are overcomplicating your situation.

sujoybose77 · ‎07-29-2019

Woodcock, We have organization limitations on VM storage that's not enough to hold large amount of indexed data

woodcock · ‎07-29-2019

You need to clarify your question. It doesn't make sense to me.

Multiple Splunk indexer with same $SPLUNK_DB location

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation