Solved: Replicate VM Splunk to second VM

kmattern · ‎10-19-2010

We are planning on having two instances of Splunk running in different geographical locations. The machines will be part of mirrored server farms. Can we take a snapshot of the primary Splunk implementation and mount it on the second machine? Specifically, can we rename the new host without difficulty?

gkanapathy · ‎10-19-2010

Yes you can, as long as it is a true snapshot. The host names in Splunk will be in etc/system/inputs.conf and etc/system/server.conf, plus any other places you might have configured it. Any indexed data that references the local host name will still have the same host name when replicated, and that can not be easily changed, so you might want to use a logical/virtual host name in inputs.conf to manage this.

View solution in original post

gkanapathy · ‎10-19-2010

Yes you can, as long as it is a true snapshot. The host names in Splunk will be in etc/system/inputs.conf and etc/system/server.conf, plus any other places you might have configured it. Any indexed data that references the local host name will still have the same host name when replicated, and that can not be easily changed, so you might want to use a logical/virtual host name in inputs.conf to manage this.

Replicate VM Splunk to second VM

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services