Migrating Splunk data from Windows indexer to Ubuntu indexer

sdevadas
Path Finder

Hi,

We are planning to move our Splunk infrastructure from Windows to Linux.

We have 1 search head and 2 indexers in production (and one indexer each in QA and PERF).

I am planning to just introduce a Linux search head, migrate all the applications/saved queries, and expect it to work without any problems.

For the indexer, I would like to migrate the data on one of the Windows servers to a Linux server.

Existing Windows indexer: Microsoft Windows Server 2003 R2, Standard x64 Edition, Service Pack 2, running on a VMware host.

Proposed Unix indexer: Ubuntu 10.04, 64 bit.

We originally had Splunk 4.0.* on the Windows box, and then upgraded a few months back to 4.2. This is the 64 bit version of Splunk.

  1. Is the data migration feasible?
  2. Is there an approximate time it would take to migrate the data? The current var/lib directory on the Windows indexer is ~36.8GB.
  3. Is there a pointer to a page with instructions on migrating the data?

Thanks

LCM
Contributor

I haven't done it so far, but that's my suggestion:

  1. Yes
  2. If you have a free hand, I guess it takes less than 1h; the big work is probably the backup and copy of 36.8GB
  3. Here is some help: ReadmeFirst & Migration

sdevadas
Path Finder

Was able to do the migration:

  1. Mounted $SPLUNK_HOME/var/lib of Windows on the Linux box.
  2. Unzipped the Splunk zipped archive to /opt.
  3. Changed ownership to the Splunk install login.
  4. Copied var/lib and relevant directories/files in etc (configuration files and user directories).
  5. Fixed configuration files for paths. Discarded any apps which used Windows executables and scripts (these have to be rewritten if you want to use them).
  6. Copied splunk-launch.conf.default to splunk-launch.conf.
  7. Stopped Windows Splunk.
  8. Applied the license to the new Linux server, after ensuring the Windows server won't be used (uninstall).
  9. Created a redirect page using the default web server on the Windows server.
  10. Started Splunk.
  11. Integrated Splunk with LDAP from the web UI.
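
An added example, not part of the original post: a shell audit for steps 3 to 5 that lists `.conf` lines still holding Windows paths, Windows-only executables left in apps, and files with the wrong owner. The sample tree, its file names and the `splunk` account name are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit a Splunk etc/ tree copied from a Windows install.

# .conf settings or stanza headers still pointing at a drive letter or UNC path.
find_windows_paths() {
    find "$1" -type f -name '*.conf' -exec \
        grep -HnE '(=[[:space:]]*|://)([A-Za-z]:[\\/]|\\\\)' {} + || :
}

# Windows-only executables and scripts left inside apps (step 5).
find_windows_scripts() {
    find "$1" -type f \( -iname '*.exe' -o -iname '*.bat' -o -iname '*.cmd' \
        -o -iname '*.ps1' -o -iname '*.vbs' \) | sort
}

# Anything not owned by the account Splunk runs as (step 3); $2 is a name or UID.
find_wrong_owner() {
    find "$1" ! -user "$2" | sort
}

# Constructed sample tree (not real configuration) so the example runs offline.
make_sample_etc() {
    d=$(mktemp -d)
    mkdir -p "$d/system/local" "$d/apps/winapp/local" "$d/apps/winapp/bin" \
        "$d/apps/search/local"
    printf '%s\n' '[main]' 'homePath = D:\Splunk\var\lib\splunk\defaultdb\db' \
        > "$d/system/local/indexes.conf"
    printf '%s\n' '[monitor://C:\logs\app]' 'index = main' \
        > "$d/apps/winapp/local/inputs.conf"
    printf '%s\n' '[monitor:///var/log/syslog]' 'index = main' \
        > "$d/apps/search/local/inputs.conf"
    : > "$d/apps/winapp/bin/collect.bat"
    : > "$d/apps/winapp/bin/helper.EXE"
    echo "$d"
}

# Demo on the sample tree; on a real host pass $SPLUNK_HOME/etc and the
# service account (for example "splunk", an assumed name) instead.
demo=$(make_sample_etc)
echo "== Windows paths still in .conf files"; find_windows_paths "$demo"
echo "== Windows executables and scripts";    find_windows_scripts "$demo"
echo "== Files not owned by current user";    find_wrong_owner "$demo" "$(id -u)"
rm -rf "$demo"
```

Run it before starting Splunk on the Linux host; an empty result in all three sections means no Windows paths, Windows binaries or ownership mismatches were found in the copied tree.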

sdevadas
Path Finder

Thanks LCM, will mail back on how it goes.
