Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to copy all the users from one existing server to the new server?

jiuan
Explorer
‎06-08-2010 02:31 PM

I'm setting up a new Splunk Server on a different OS. Instead of creating all the users manually, how can I copy all the users from existing server to the new server?

Thanks, Jiuan

Tags (3)
Reply

starcher
Influencer
‎08-04-2014 12:12 PM

You are getting that error because the passwords for the SSL keys were encrypted under the old splunk.secret. If you copied one from another server the hash no longer works. You need to re-enter the password in the appropriate conf files and let Splunk re-encrypt it.

Reply

ridwanahmed
Path Finder
‎09-26-2018 10:10 PM

what do you mean in the appropriate conf files?

0 Karma
Reply

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎06-08-2010 05:13 PM

You should move etc/apps/*/local/... and etc/users/... to capture all user data. The first directory hierarchy brings over shared objects and the second brings over private objects. Additionally you should configure authentication to yield the same set of users.

Reply

marco_sulla
Path Finder
‎09-11-2015 01:12 AM

You have to copy also the $SPLUNK_HOME/etc/system/local/authorize.conf file if you have one.

0 Karma
Reply

nouse66
New Member
‎06-14-2014 10:14 AM

I got that SSL error at first also. I fixed it by copying this setting from the other server's etc/system/local/server.conf:
[sslConfig]
sslKeysfilePassword =

0 Karma
Reply

jiuan
Explorer
‎06-09-2010 07:48 PM

hmmm..... got this error:

ERROR SSLCommon - Can't read key file /home/a478377/workspace/splunk/etc/auth/server.pem

0 Karma
Reply

jiuan
Explorer
‎06-09-2010 06:52 PM

Thanks, Stephen!

I just talked to Mick about how to copy the authentication too. He mentioned that all I need is copying etc/passwd and etc/auth/splunk.secret.

Reply
Get Updates on the Splunk Community!

.conf25 Registration is OPEN!

Ready. Set. Splunk! Your favorite Splunk user event is back and better than ever. Get ready for more technical ...

Detecting Cross-Channel Fraud with Splunk

This article is the final installment in our three-part series exploring fraud detection techniques using ...

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...
li.common.scroll-to.top