Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Migrating Splunk ES Search Head from on-prem to AWS EC2 instance

dm1
Contributor
‎11-10-2021 08:44 PM

I have Splunk 7.3.6 with ES 6.0.2 on an on-prem Linux VM. I have an EC2 instance already setup with Splunk Core 8.1.5 where I want to migrate the ES app.

Looking at various docs like Migrate from standalone searchheads and How to migrate, First doc is more about migrating from a standalone search head to an SHC, where it suggests to only migrate /etc/apps and /etc/users directory, however in the 2nd doc, which seems more closely relevant to what I want to achieve, it states, first I should copy over entire $SPLUNK_HOME directory on new system and then install Splunk on top of that. Not sure which one to follow.

Also, incase of 2nd doc, I have done the opposite, I have installed Splunk first and now looking to copy existing ES SH's $SPLUNK_HOME, on top of that, but dont know if it would work ?

Any suggestion ideas thoughts ?

Labels (1)
Labels
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-16-2024 10:51 PM

Hi @dm1 ,

I'd follow the first solution in three steps:

  • install a new Splunk on AWS, possible the sam version that you have on-premise, not a new version,
  • configure the new Splunk as SH connected to your Indexers,
  • copy the above folders in the AWS Splunk,
  • eventually update your Splunk and apps version.

because you don't need to copy the bins or the libraries that are always the same, you need only to copy the confs that you did in your on-premise installation.

Ciao.

Giuseppe

Reply

PJR
Engager
‎05-16-2024 10:41 PM

Hello dm1,

Were you able to migrate Search Head On premises to AWS? 
If so, can you please share the steps/process which you have followed for the migration.

Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk, and empower your SOC to reach new heights! Duration: 1 hour  Prepare to ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...