Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Replicate VM Splunk to second VM

kmattern
Builder
‎10-19-2010 06:24 PM

We are planning on having two instances of Splunk running in different geographical locations. The machines will be part of mirrored server farms. Can we take a snapshot of the primary Splunk implementation and mount it on the second machine? Specifically, can we rename the new host without difficulty?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎10-19-2010 06:43 PM

Yes you can, as long as it is a true snapshot. The host names in Splunk will be in etc/system/inputs.conf and etc/system/server.conf, plus any other places you might have configured it. Any indexed data that references the local host name will still have the same host name when replicated, and that can not be easily changed, so you might want to use a logical/virtual host name in inputs.conf to manage this.

View solution in original post

Reply
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎10-19-2010 06:43 PM

Yes you can, as long as it is a true snapshot. The host names in Splunk will be in etc/system/inputs.conf and etc/system/server.conf, plus any other places you might have configured it. Any indexed data that references the local host name will still have the same host name when replicated, and that can not be easily changed, so you might want to use a logical/virtual host name in inputs.conf to manage this.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2026-2027 SplunkTrust is officially open. If ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...