Installation

Help with migrating entire Splunk server instance from Linux to Windows?

proylea
Contributor

I am migrating Splunk from Linux (Ubuntu 64-bit) to Windows 7 (Enterprise 64-bit).
Not a common situation; nevertheless, this is the situation.

Can someone with some experience in migrating from unix to windows confirm the process please?
The migration documentation states:

How to migrate
When you migrate on *nix systems, you can extract the tar file you downloaded directly over the copied files on the new system, or use your package manager to upgrade using the downloaded package. On Windows systems, the installer updates the Splunk files automatically.

  1. Stop Splunk Enterprise on the host from which you want to migrate.
  2. Copy the entire contents of the $SPLUNK_HOME directory from the old host to the new host.
  3. Install the appropriate version of Splunk Enterprise for the target platform.
  4. Confirm that index configuration files (indexes.conf) contain the correct location and path specification for any non-default indexes.
  5. Start Splunk Enterprise on the new instance.
  6. Log into Splunk Enterprise with your existing credentials. After you login, confirm that your data is intact by searching it.

My questions are, am I correct in assuming that this method says:
a. After stopping Splunk copy everything on the Linux host in /opt/splunk, to the equivalent location on the Windows host.
b. Install the required Splunk version on the windows host in the same location, which will update all the copied linux binaries to windows.

Or is this instruction only for linux to linux or windows to windows?

Or should I simply install Splunk on the windows host and copy the etc/apps dir from the linux source rather than everything under SPLUNK_HOME (/opt/splunk)?

I would of course set all permissions on the files correctly and change all paths in config files to conform to Windows paths.

Has someone done this and will it work?


MuS
SplunkTrust

Hi proylea,

I did that once and simply installed a fresh Splunk on Windows and copied the following directories over:

  • $SPLUNK_HOME/etc/system/local/
  • $SPLUNK_HOME/etc/apps/
  • $SPLUNK_HOME/etc/users/

and where applicable:

  • $SPLUNK_HOME/etc/passwd
  • $SPLUNK_HOME/etc/deployment-apps/
  • and all possible clustering directories

In some special cases you also end up copying over splunk-launch.conf and/or splunk.secret, but usually this is not needed.
This will work if the old and new Splunk instances will have the same name, otherwise you need to change the server name in $SPLUNK_HOME/etc/system/local/server.conf and $SPLUNK_HOME/etc/system/local/inputs.conf.
Finally the UUID could also be a problem and may need to be recreated on the new system after the migration.

Hope this helps ...

cheers, MuS
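
An added example, not part of the thread and not Splunk's own tooling: a Python audit of the copied `local` .conf files that flags what the posts above say has to be fixed by hand on the Windows host, namely *nix absolute paths and the old server name, plus values carrying Splunk's `$1$`/`$7$` encrypted-value prefix, which the new instance cannot decrypt unless the old splunk.secret is copied too. The function names, host names and sample file contents are constructed for illustration.

```python
import re
from pathlib import Path

POSIX_PATH = re.compile(r"^/[^/]")                            # value is an absolute *nix path
INPUT_PATH = re.compile(r"^(monitor|batch|script)://(/.+)$")  # input stanza naming one
ENCRYPTED = re.compile(r"^\$[17]\$")                          # encrypted with splunk.secret
NAME_KEYS = {"server.conf": "serverName", "inputs.conf": "host"}

def audit_conf(text, filename, new_name):
    """Return (filename, line number, issue, detail) tuples for one .conf file."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):                              # stanza header
            if INPUT_PATH.match(line.strip("[]")):
                findings.append((filename, lineno, "posix-path", line))
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep:
            continue
        if POSIX_PATH.match(value):
            findings.append((filename, lineno, "posix-path", line))
        elif ENCRYPTED.match(value):
            # Report only the key so the ciphertext is not copied into reports.
            findings.append((filename, lineno, "needs-old-secret", key))
        elif (NAME_KEYS.get(filename) == key and not value.startswith("$")
              and value.lower() != new_name.lower()):
            findings.append((filename, lineno, "old-name", line))
    return findings

def audit_tree(etc_dir, new_name):
    """Audit every local/*.conf below the copied etc directory."""
    findings = []
    for path in sorted(Path(etc_dir).rglob("local/*.conf")):
        findings += audit_conf(path.read_text(errors="replace"), path.name, new_name)
    return findings

# Constructed sample files, not taken from a real instance.
SAMPLE = {
    "indexes.conf": "[fw]\nhomePath = /opt/splunk/var/lib/splunk/fw/db\n"
                    "coldPath = $SPLUNK_DB/fw/colddb\n",
    "server.conf": "[general]\nserverName = lnx-splunk01\n"
                   "[sslConfig]\nsslPassword = $7$CONSTRUCTED\n",
    "inputs.conf": "[default]\nhost = $decideOnStartup\n"
                   "[monitor:///var/log/auth.log]\nindex = fw\n",
}

if __name__ == "__main__":
    for name, text in SAMPLE.items():
        for finding in audit_conf(text, name, "win-splunk01"):
            print(*finding, sep="\t")
```

Settings whose values legitimately begin with `/` for other reasons will also be flagged, so treat the output as a review list rather than a list of errors.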

proylea
Contributor

So I will be the second person to have done this? lol
I figured the instruction didn't cater for linux to windows.
Thanks for the details, a couple of gotchas there to keep an eye on.
Cheers MuS you win
