Installation

Help with migrating entire Splunk server instance from Linux to Windows?

proylea
Contributor

I am migrating Splunk from a Linux (Unbuntu 64bit) to Windows 7 (Enterprise 64bit).
Not a common situation never the less this is the situation.

Can someone with some experience in migrating from unix to windows confirm the process please?
The migration documentation states:

How to migrate
When you migrate on *nix systems, you can extract the tar file you downloaded directly over the copied files on the new system, or use your package manager to upgrade using the downloaded package. On Windows systems, the installer updates the Splunk files automatically.

  1. Stop Splunk Enterprise on the host from which you want to migrate.
  2. Copy the entire contents of the $SPLUNK_HOME directory from the old host to the new host.
  3. Install the appropriate version of Splunk Enterprise for the target platform.
  4. Confirm that index configuration files (indexes.conf) contain the correct location and path specification for any non-default indexes.
  5. Start Splunk Enterprise on the new instance.
  6. Log into Splunk Enterprise with your existing credentials. After you login, confirm that your data is intact by searching it.

My questions are, am I correct in assuming that this method says:
a. After stopping Splunk copy everything on the Linux host in /opt/splunk, to the equivalent location on the Windows host.
b. Install the required Splunk version on the windows host in the same location, which will update all the copied linux binaries to windows.

Or is this instruction only for linux to linux or windows to windows?

Or should I simply install Splunk on the windows host and copy the etc/apps dir from the linux source rather than everything under SPLUNK_HOME (/opt/splunk)?

I would of course set all permissions on the files correctly and change all paths in config files to conform to Windows paths.

Has someone done this and will it work?

Labels (2)
0 Karma

MuS
Legend

Hi proylea,

I did that once and simply installed a fresh Splunk on Windows and copied the following directories over:

  • $SPLUNK_HOME/etc/system/local/
  • $SPLUNK_HOME/etc/apps/
  • $SPLUNK_HOME/etc/users/

and where applicable:
- $SPLUNK_HOME/etc/passwd
- $SPLUNK_HOME/etc/deployment-apps/
- and all possible clustering directories

in some special cases you end up also copy over splunk-launch.conf and/or splunk.secret but usually this is not needed.
This will work if the old and new Splunk instances will have the same name, otherwise you need to change the server name in $SPLUNK_HOME/etc/system/local/server.conf and $SPLUNK_HOME/etc/system/local/inputs.conf.
Finally the UUID could also be a problem and may need to be recreated on the new system after the migration.

Hope this helps ...

cheers, MuS

proylea
Contributor

So I will be the second person to have done this? lol
I figured the instruction didn't cater for linux to windows.
Thanks for the details, a couple of gotchas there to keep and eye on.
Cheers MuS you win

0 Karma
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...