Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do we upgrade our 3 indexer cluster to a 4 indexer cluster with the latest Splunk version and migrate the old data?

athorat
Communicator
‎12-08-2015 01:06 PM

We have a distributed clustered environment and need to upgrade it to the latest version.
The plan is to install the latest version on a new set of physical servers.
How do we migrate the old data from the existing infrastructure (3 indexer cluster) to the new 4 indexer cluster.

Labels (2)
Labels
0 Karma
Reply

esix_splunk
Splunk Employee
Splunk Employee
‎12-08-2015 01:55 PM

If you can, your easiest solution would be run both clusters in parallel and utilize hybrid / distributed search to search the new and old clusters. Once your data is aged out, you can decommission the old clusters.

Another option would be to bring the new members into the cluster, up the REP factor and Search factor to balance across to the new members. Then decommission the older servers from the cluster..

0 Karma
Reply

athorat
Communicator
‎12-08-2015 02:54 PM

Thanks for the reply @esix

Thats a good option to run both servers in to parallel but if we decommission the old servers how about the users reports extracted fields, dashboards and other data.

How do we have those in the new systems.
We have one search head and 3 indexers. Planning to have 2 search heads and 4 indexers.

couple of questions regarding the second option. if we add new members to the cluster and up the rep factor how about the old data from the old servers if they are decommissioned.

If we have to migrate the users, reports, dashboards and alerts, what would be the approach to move them.

Thanks.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Thanks for the Memories! Splunk University, .conf25, and our Community

Thank you to everyone in the Splunk Community who joined us for .conf25, which kicked off with our iconic ...

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...