Can anyone help me with the steps to move a Splunk master server to a new instance?


Hi All,

We would like to move our existing master server instance(which acts as License master, DMC, Cluster Master, Search Head Deployer as well as Deployment server) to another new instance having same IPaddress and hostname due to underlying physical server issues. Can anyone provide or validate with the list of steps for an optimal way of doing this without disturbing the existing environment?

Here are the following steps I found to perform given as per the documentation for migrating Splunk instance you have provided-

In our case:

*1. We will stop the splunk master first.
2. Rename the new instance host-name and ipaddress same as master.
3. Copy the entire contents of the $SPLUNK_HOME directory from the old host to the new host.
4. Install the appropriate version of Splunk Enterprise for the target platform.
5. Start Splunk Enterprise on the new instance.
6. Log into Splunk Enterprise with your existing credentials *

Will this help in case of current scenario, because my current master has following roles (which acts as License master, DMC, Cluster Master, Search Head Deployer as well as Deployment server)??

Labels (1)
0 Karma


please accept the answer if it was helpful 🙂

0 Karma



best pratices is to have a dedicated server for all these roles but if you have a small set up that shouldn´t be a problem to combine them.

You should find a manual on how to move all of these roles in splunk docs or on anwers

General one :

Cluster Master:

Deployer :

License Master:

For the deployment server you can set up an app on the old one to deploy to the clients with the deploymentclient.conf with the new server. IF you did not set the deployment server in /system/local. Than you have to change it manually.

0 Karma
Get Updates on the Splunk Community!

Thanks for the Memories! Splunk University, .conf24, and Community Connections

Thank you to everyone in the Splunk Community who joined us for .conf24 – starting with Splunk University and ...

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...