Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Installing a new Splunk server and restoring data from another splunk server

leobsksd
Explorer
‎02-01-2024 01:35 PM

I am installing a new Splunk server on Windows using the trial subscription for now, which may be changed to the free license later.  

I have data from another Splunk for Windows server that I would like to restore to the new instance.  What is the process for doing that?

Thanks,

Leo

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎02-02-2024 01:16 AM

Hi @leobsksd,

do you want to migrate only configurations or also data?

For configurations, you have to copy from the old instance to the new one all the apps you installed and eventually also search and launcer, if you have some configuration in these apps.

if you want also migrate data, you have to:

  • stop bothe the instances,
  • copy the $SPLUNK_HOME\var\lib\splunk folder (or a different one if you used a different $SPLUNK_DB) from the old to the new instance,
  • copy all the indexes.conf files from the old to the new instance,
  • restart Splunk in the new instance.

Only for conclusion: Windows is ok for quick tests or demo, avoid for production systems, use Linux!

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

leobsksd
Explorer
‎02-02-2024 07:51 AM

I will try standing up a new instance of Splunk and copying over the $SPLUNK_HOME\var\lib\splunk folder to the new installation from the instance of Splunk that I have backed up.  

Will this also copy over the configuration from the old server?  Part of the issue is that the old server had a free license which is violation, which is why I am working to setup a new Splunk server without that problem. 

Good point about Linux.  I may try installing Splunk on that platform and see how it does.

Leobsksd

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎02-02-2024 07:55 AM

Hi @leobsksd,

you have to copy the apps and data, not all the etc folder , especially license!

I suppose that you want to install on a different computer or a different VM, not on the same instance in violation, it will not work:  on Windows you cannot reinstall Splunk on the same server, instead on linux you can install in a different folder, eventually deleting the old one without problems.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution
Solution

leobsksd
Explorer
‎02-01-2024 04:25 PM

I found this:  Migrate a Splunk Enterprise instance from one physical machine to another - Splunk Documentation

 

I will give it a try.

Leo

0 Karma
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎02-08-2024 07:24 AM

Also remember that the Trial license is granted to a particular party for a particular use (testing the solution to see if it's appropriate for intended purpose) and limited time. Attempts to "prolong" the trial license by moving data to a fresh instance is against license terms. If you need a longer-time trial license, contact your local friendly Splunk Partner.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎02-07-2024 11:26 PM

Hi @leobsksd ,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

 Are you ready to revolutionize your IT operations? As digital transformation accelerates, the demand for ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...