Installation

How do we upgrade our 3 indexer cluster to a 4 indexer cluster with the latest Splunk version and migrate the old data?

athorat
Communicator

We have a distributed clustered environment and need to upgrade it to the latest version.
The plan is to install the latest version on a new set of physical servers.
How do we migrate the old data from the existing infrastructure (3 indexer cluster) to the new 4 indexer cluster?

0 Karma

esix_splunk
Splunk Employee

If you can, your easiest solution would be to run both clusters in parallel and utilize hybrid / distributed search to search the new and old clusters. Once your data is aged out, you can decommission the old clusters.

Another option would be to bring the new members into the cluster, up the REP factor and Search factor to balance across to the new members. Then decommission the older servers from the cluster.

0 Karma

athorat
Communicator

Thanks for the reply @esix

That's a good option to run both servers in parallel, but if we decommission the old servers, how about the users' reports, extracted fields, dashboards and other data?

How do we have those in the new systems?
We have one search head and 3 indexers. Planning to have 2 search heads and 4 indexers.

A couple of questions regarding the second option. If we add new members to the cluster and up the rep factor, how about the old data from the old servers if they are decommissioned?

If we have to migrate the users, reports, dashboards and alerts, what would be the approach to move them?

Thanks.

0 Karma