Migrating Splunk ES Search Head from on-prem to AWS EC2 instance

dm1
Contributor

I have Splunk 7.3.6 with ES 6.0.2 on an on-prem Linux VM. I have an EC2 instance already set up with Splunk Core 8.1.5, to which I want to migrate the ES app.

I have been looking at various docs, like "Migrate from standalone searchheads" and "How to migrate". The first doc is more about migrating from a standalone search head to an SHC, where it suggests migrating only the /etc/apps and /etc/users directories. However, the second doc, which seems more closely relevant to what I want to achieve, states that I should first copy the entire $SPLUNK_HOME directory to the new system and then install Splunk on top of that. I am not sure which one to follow.

Also, in the case of the second doc, I have done the opposite: I installed Splunk first and am now looking to copy the existing ES SH's $SPLUNK_HOME on top of that, but I don't know if it would work.

Any suggestions, ideas, or thoughts?


gcusello
SplunkTrust

Hi @dm1 ,

I'd follow the first solution in three steps:

  • install a new Splunk on AWS, possibly the same version that you have on-premise, not a new version,
  • configure the new Splunk as SH connected to your Indexers,
  • copy the above folders to the AWS Splunk,
  • eventually update your Splunk and apps version.

This is because you don't need to copy the bins or the libraries, which are always the same; you only need to copy the confs that you made in your on-premise installation.

Ciao.

Giuseppe
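
The copy step from the answer above, sketched as shell functions (an added example, not part of the thread or of Splunk's documentation): it packages only etc/apps and etc/users from the old search head, unpacks them over an already installed Splunk, and checks every file against a SHA-256 manifest. The function names and archive location are assumptions, as are GNU tar, find, xargs and sha256sum on both hosts; the archive path must be absolute.

```shell
#!/usr/bin/env bash
# Added example: move only the configuration directories named in the thread
# (etc/apps and etc/users) between two SPLUNK_HOME trees. Binaries and
# libraries are left to the installer on the new host.

# pack_sh_config OLD_SPLUNK_HOME /abs/path/archive.tgz
# Writes the archive plus a SHA-256 manifest (archive.tgz.sha256).
pack_sh_config() {
    old_home=$1; archive=$2
    for d in etc/apps etc/users; do
        [ -d "$old_home/$d" ] || { echo "missing $old_home/$d" >&2; return 1; }
    done
    # Manifest uses paths relative to SPLUNK_HOME so it can be replayed
    # against the new install.
    (cd "$old_home" &&
        find etc/apps etc/users -type f -print0 | sort -z |
        xargs -0 -r sha256sum) > "$archive.sha256" || return 1
    tar -C "$old_home" -czf "$archive" etc/apps etc/users
}

# verify_sh_config /abs/path/archive.tgz NEW_SPLUNK_HOME
# Non-zero exit if any migrated file is missing or differs from the manifest.
verify_sh_config() {
    archive=$1; new_home=$2
    (cd "$new_home" && sha256sum --quiet -c "$archive.sha256")
}

# restore_sh_config /abs/path/archive.tgz NEW_SPLUNK_HOME
# Refuses to run unless Splunk is already installed at NEW_SPLUNK_HOME.
restore_sh_config() {
    archive=$1; new_home=$2
    [ -d "$new_home/etc" ] || { echo "no Splunk install at $new_home" >&2; return 1; }
    tar -C "$new_home" -xzf "$archive" || return 1
    verify_sh_config "$archive" "$new_home"
}

# Typical use (paths are placeholders):
#   old host: pack_sh_config "$SPLUNK_HOME" /tmp/sh_config.tgz
#   new host: restore_sh_config /tmp/sh_config.tgz "$SPLUNK_HOME"
```

Stop Splunk on both hosts before packing and restoring so that no file changes between the manifest and the archive.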

PJR
Engager

Hello dm1,

Were you able to migrate Search Head On premises to AWS? 
If so, can you please share the steps/process which you have followed for the migration.

Thanks
