We are in the process of upgrading our splunk server hardware and I was looking for some sort of best practice. I am hoping to keep everything the same in the new server (ip, name ect ect) So it is more of a clone that I am looking to do.
Any feed back would be appreciated.
Hi freeborn
as long as the OS stays the same, meaning during your hardware update you will not change the OS, it is more a matter of how to clone the OS and data.
If you setup both servers (old and new in parallel) Splunk itself can be moved/cloned/migrated onto new hardware, read more about this in the Migrating a Splunk Install wiki.
Here is the link http://wiki.splunk.com/Deploy:Migrating_a_Splunk_Install
hope this helps.....
cheers,
MuS
Your link is missing one 'l'. Correct link is http://wiki.splunk.com/Deploy:Migrating_a_Splunk_Install
Thanks for the hint @dale.lakes8769 !
I had to add a line break after the link otherwise the second l
is being cut off - very strange ?!? Anyway added the link as well.
What options do recommend for using rsync to move the splunk database (indexes) to the new server? I have my splunkDB outside of the /opt/splunk directory tree because it is a separate volume (raid array). I've already successfully used tar to get /opt/splunk over there and unpacked it and have it running, but I think that tar is not the tool for moving the index data as it is so large. I'm planning to shut down both splunk instances before moving the splunkdB, is there anything else to do before moving (copying it, actually).