Multiple Splunk indexer with same $SPLUNK_DB locat...

sujoybose77 · ‎07-27-2019

Hi,
I have $SPLUNK_DB set up in a NAS storage. But the indexer is installed in a VM (say VM1) running on splunk version 6.3.4.
Now I want to migrate the indexers to another VM (VM2) with newer splunk version 6.6.12 keeping the same NAS location as $SPLUNK_DB.
Is it possible? I have heard that no two indexer will see each other's indexed files. Is that true?
In that case what approach I can take to migrate my indexer?

woodcock · ‎07-28-2019

Why would you do this? Working with VMs makes this kind of thing easy so you should not need 2 indexers at the same time. Your forwarders can buffer events for the short time that it would take to upgrade your VM/splunk and have it come back up. You are overcomplicating your situation.

sujoybose77 · ‎07-29-2019

Woodcock, We have organization limitations on VM storage that's not enough to hold large amount of indexed data

woodcock · ‎07-29-2019

You need to clarify your question. It doesn't make sense to me.

Multiple Splunk indexer with same $SPLUNK_DB location

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Join the Conversation

Multiple Splunk indexer with same $SPLUNK_DB location

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...