How do we upgrade our 3 indexer cluster to a 4 ind...

athorat · ‎12-08-2015

We have a distributed clustered environment and need to upgrade it to the latest version.
The plan is to install the latest version on a new set of physical servers.
How do we migrate the old data from the existing infrastructure (3 indexer cluster) to the new 4 indexer cluster.

esix_splunk · ‎12-08-2015

If you can, your easiest solution would be run both clusters in parallel and utilize hybrid / distributed search to search the new and old clusters. Once your data is aged out, you can decommission the old clusters.

Another option would be to bring the new members into the cluster, up the REP factor and Search factor to balance across to the new members. Then decommission the older servers from the cluster..

athorat · ‎12-08-2015

Thanks for the reply @esix

Thats a good option to run both servers in to parallel but if we decommission the old servers how about the users reports extracted fields, dashboards and other data.

How do we have those in the new systems.
We have one search head and 3 indexers. Planning to have 2 search heads and 4 indexers.

couple of questions regarding the second option. if we add new members to the cluster and up the rep factor how about the old data from the old servers if they are decommissioned.

If we have to migrate the users, reports, dashboards and alerts, what would be the approach to move them.

Thanks.

How do we upgrade our 3 indexer cluster to a 4 indexer cluster with the latest Splunk version and migrate the old data?

indexer

upgrade

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!