Solved: Issue with indexed data while moving to new instan...

vnravikumar · ‎12-15-2020

Hi

I moved the Splunk server(ver.8.0.2 stand alone) into a new instance by copying the entire setup(/opt/splunk). Both are running in Centos7 but the issue is when I started the server in a new instance all the data(till yesterday) got removed from the indexes and the server contains only today's data. What could be wrong? I moved the entire setup. Need your help here. Or at least how to restore from /opt/splunk/var/lib/.

Thanks,

saravanan90 · ‎12-15-2020

If we are migrating standalone instance then above will surely work. Once it is moved, need to update the host in /opt/splunk/etc/system/local/inputs.conf. Check the index files /opt/splunk/var/lib/splunk/$indexname$/db/ are present before & after restarting in new instance.

View solution in original post

saravanan90 · ‎12-15-2020

If we are migrating standalone instance then above will surely work. Once it is moved, need to update the host in /opt/splunk/etc/system/local/inputs.conf. Check the index files /opt/splunk/var/lib/splunk/$indexname$/db/ are present before & after restarting in new instance.

vnravikumar · ‎12-16-2020

Thank you.

Issue with indexed data while moving to new instance

indexer

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation