Help with migrating entire Splunk server instance from Linux to Windows?


I am migrating Splunk from a Linux (Ubuntu 64-bit) to Windows 7 (Enterprise 64-bit).
Not a common situation; nevertheless, this is the situation.

Can someone with some experience in migrating from unix to windows confirm the process please?
The migration documentation states:

How to migrate
When you migrate on *nix systems, you can extract the tar file you downloaded directly over the copied files on the new system, or use your package manager to upgrade using the downloaded package. On Windows systems, the installer updates the Splunk files automatically.

  1. Stop Splunk Enterprise on the host from which you want to migrate.
  2. Copy the entire contents of the $SPLUNK_HOME directory from the old host to the new host.
  3. Install the appropriate version of Splunk Enterprise for the target platform.
  4. Confirm that index configuration files (indexes.conf) contain the correct location and path specification for any non-default indexes.
  5. Start Splunk Enterprise on the new instance.
  6. Log into Splunk Enterprise with your existing credentials. After you login, confirm that your data is intact by searching it.

My questions are, am I correct in assuming that this method says:
a. After stopping Splunk, copy everything on the Linux host in /opt/splunk to the equivalent location on the Windows host.
b. Install the required Splunk version on the Windows host in the same location, which will update all the copied Linux binaries to Windows.

Or is this instruction only for Linux to Linux or Windows to Windows?

Or should I simply install Splunk on the Windows host and copy the etc/apps dir from the Linux source rather than everything under SPLUNK_HOME (/opt/splunk)?

I would of course set all permissions on the files correctly and change all paths in config files to conform to Windows paths.

Has someone done this and will it work?



Hi proylea,

I did that once and simply installed a fresh Splunk on Windows and copied the following directories over:

  • $SPLUNK_HOME/etc/system/local/
  • $SPLUNK_HOME/etc/apps/
  • $SPLUNK_HOME/etc/users/

and where applicable:
  • $SPLUNK_HOME/etc/passwd
  • $SPLUNK_HOME/etc/deployment-apps/
  • and all possible clustering directories

In some special cases you also end up copying over splunk-launch.conf and/or splunk.secret, but usually this is not needed.
This will work if the old and new Splunk instances will have the same name, otherwise you need to change the server name in $SPLUNK_HOME/etc/system/local/server.conf and $SPLUNK_HOME/etc/system/local/inputs.conf.
Finally the UUID could also be a problem and may need to be recreated on the new system after the migration.

Hope this helps ...

cheers, MuS
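
An added example, not part of the original posts and not Splunk's own tooling: a pre-start audit of the copied configuration that flags the items raised in this thread (Unix paths left in .conf files, and the old server name in server.conf and inputs.conf). The sample files, host names and function names are constructed for illustration; `homePath`, `coldPath`, `thawedPath`, `serverName` and `host` are the standard Splunk setting names.

```python
import re

# Constructed sample of a copied $SPLUNK_HOME/etc/system/local/ (not from the thread).
SAMPLE = {
    "indexes.conf": """\
[firewall]
homePath = /data/splunk/firewall/db
coldPath = $SPLUNK_DB/firewall/colddb
thawedPath = /data/splunk/firewall/thaweddb
""",
    "server.conf": "[general]\nserverName = old-linux-host\n",
    "inputs.conf": "[default]\nhost = old-linux-host\n\n[monitor:///var/log/syslog]\nindex = firewall\n",
}

POSIX_ABS = re.compile(r"^/[^/]")                  # absolute Unix path such as /data/...
MONITOR = re.compile(r"^(monitor|batch)://(/.*)$")  # file input pointing at a Unix path

def parse_conf(text):
    """Yield (stanza, key, value) from Splunk .conf text; a stanza header yields key=None."""
    stanza = "default"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1]
            yield stanza, None, None
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            yield stanza, key, value

def audit(files, new_name):
    """Return (file, stanza, key, value, reason) findings to fix before the first start."""
    findings = []
    for name, text in files.items():
        for stanza, key, value in parse_conf(text):
            if key is None:
                if MONITOR.match(stanza):
                    findings.append((name, stanza, None, None, "unix input path"))
            elif POSIX_ABS.match(value):
                findings.append((name, stanza, key, value, "unix path"))
            elif key in ("serverName", "host") and value != new_name:
                findings.append((name, stanza, key, value, "old host name"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE, "new-win-host"), sep="\n")
```

Values built on `$SPLUNK_DB` are left alone because they resolve relative to the new installation.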


So I will be the second person to have done this? lol
I figured the instruction didn't cater for linux to windows.
Thanks for the details, a couple of gotchas there to keep an eye on.
Cheers MuS you win
