How to copy all the users from one existing server...

jiuan · ‎06-08-2010

I'm setting up a new Splunk Server on a different OS. Instead of creating all the users manually, how can I copy all the users from existing server to the new server?

Thanks, Jiuan

starcher · ‎08-04-2014

You are getting that error because the passwords for the SSL keys were encrypted under the old splunk.secret. If you copied one from another server the hash no longer works. You need to re-enter the password in the appropriate conf files and let Splunk re-encrypt it.

ridwanahmed · ‎09-26-2018

what do you mean in the appropriate conf files?

Stephen_Sorkin · ‎06-08-2010

You should move etc/apps/*/local/... and etc/users/... to capture all user data. The first directory hierarchy brings over shared objects and the second brings over private objects. Additionally you should configure authentication to yield the same set of users.

marco_sulla · ‎09-11-2015

You have to copy also the $SPLUNK_HOME/etc/system/local/authorize.conf file if you have one.

nouse66 · ‎06-14-2014

I got that SSL error at first also. I fixed it by copying this setting from the other server's etc/system/local/server.conf:
[sslConfig]
sslKeysfilePassword =

jiuan · ‎06-09-2010

hmmm..... got this error:

ERROR SSLCommon - Can't read key file /home/a478377/workspace/splunk/etc/auth/server.pem

jiuan · ‎06-09-2010

Thanks, Stephen!

I just talked to Mick about how to copy the authentication too. He mentioned that all I need is copying etc/passwd and etc/auth/splunk.secret.

How to copy all the users from one existing server to the new server?

other

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation