IT Operations Discussions
All the up-time. All the nines.

Splunk not working after migrating splunk Version 6.5.3 to AWS instance with splunk Version 8.0.5

sree007
Explorer

Hello,

I am trying to migrate the splunk from a physical machine to AWS, the version running on the physical machine is 6.5.3 and one on the AWS is 8.0.5, i have rsync the splunk home but it didnt work. Can you  suggest me the best way i can have all the data up and running on the latest splunk in AWS.

Thanks

Sreejith

Tags (2)
0 Karma

sree007
Explorer

Thank you it worked by step by step upgrade

0 Karma

sree007
Explorer

Just want to clear that i am able to telnet the 8000 port within the splunk machine but not accessible from my browser. Also i have my splund.log have entries

09-12-2020 12:34:20.444 +0000 ERROR AggregatorMiningProcessor - Expected boolean value for setting "ADD_EXTRA_TIME_FIELDS", instead got:  ...defaulting to true.

Is this something i have to be worried about

0 Karma

isoutamo
SplunkTrust
SplunkTrust
What your migration.log to 7.1 said and are there anything else in your splunkd.log?
r. Ismo
0 Karma

isoutamo
SplunkTrust
SplunkTrust
Hi
In document https://docs.splunk.com/Documentation/Splunk/8.0.6/Installation/AboutupgradingREADTHISFIRST it’s said that you must be first in version 7.x. So check first can you migrate from 6.5.3 to 7 or must you go through 6.6 or can you go directly 7.x. After that you can update it to 8.x.
r. Ismo

sree007
Explorer

Hello,

 

Thank you  for the reply.

As you suggested also from the splunk doc https://docs.splunk.com/Documentation/Splunk/8.0.5/Installation/HowtoupgradeSplunk , i have tried upgrading step by step. I couldnt find any download link for the version 7.0, so upgraded the current version 6.5.3 to 7.1  which is available in the splunk download link https://www.splunk.com/en_us/download/previous-releases.html#tabs/linux. But after when i start my splunk from command line but the web portal is still not up, but i can telent the 8000 port. Let me know if i have missed anything from my side.

Thanks

Sreejith

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...