I am planning to migrate my current Splunk Enterprise instance to a new server, but my organization requires that I complete the migration for all test environments before placing anything in production. This means I will need to complete the migration for all test environments, get approval for Production, and wait for a release window to push data from Production. Is it possible to run both instances at the same time, or will that create license issues? It would be great to have the test instance running so I can set all configurations and still keep Production running so we don't miss any data or alerts during the migration.
Precise details are lacking, but maybe if I give a few generic answers you can figure it out from there.
Somewhere in your Splunk environment is a license server. If you stand up a new indexer and point it to your existing license server, it'll use very little license at the start (because it's not doing anything) and what license it does use will go against your "regular" license amount. As you add/migrate inputs they'll all use your regular license pool. Easy peasy if you have a bit of free license and can move inputs one at a time. A lot of small/medium (up to hundreds of GB/day, even more) use a test environment that simply points to their production license. That's what I do.
Anyway, you could then potentially duplicate one input at a time (assuming you have at least a reasonable amount of your license free) and test it, then once it's decided it's working well, remove that input from the "old" side. You would double up license on one of the inputs at a time when doing it this way, but as long as you have sufficient free license this works fine. This is how I did our first migration. I doubt I'll do that again, because now we cluster the indexers so I'll just replace indexers as required. And search heads don't use license, it's indexing that does, so new Search Heads can just be built, configured and tested without affecting anything with license.
Keep in mind there is a grace window of being able to go over license up to 5 times in a 30-day window, so as long as you can arrange for the testing to get done rapidly, you could just go over license for a day or two for each input migrated (or just slam the environment for 2-3 days and do the whole shebang all at once). Also, if your license is small and you have a good relationship with your Splunk sales rep, you might be able to explain the situation to them and they might be able to get you a 5 GB additional trial license for 30 or 45 days to help with this process. Sometimes +5 GB/day is all that's needed to make this a reasonable process.
Another option would be to just duplicate the input for an hour or something to get "enough" data to test with and prove it should work OK, stop that duplication and do the testing, then cutover when they're happy it was good enough.
Yet another option could be to have your search head search both indexers. Moving data inputs usually isn't a big ordeal; it's search heads that seem to be more problematic in my opinion, but without a description of your environment I would be hard pressed to tell you how to go about arranging for this eventuality.
While I know those are incomplete, I hope it might have helped.
Another useful tidbit is to search for help. There's a lot of documentation from Splunk on various types of migrations in both docs and in answers.