Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Migrating Splunk data from Windows indexer to Ubuntu indexer

sdevadas
Path Finder
‎08-03-2011 01:54 PM

Hi,

We are planning to move our Splunk infrastructure from Windows to Linux.

We have 1 search head and 2 indexers in production (and one indexer each in QA and PERF).

I am planning to just introduce a linux search head, migrate all the applications/saved queries and expect it to work without any problems.

For the indexer, I would like to migrate the data on one of the windows server to a linux server.

Existing Windows indexer: Microsoft Windows Server 2003 R2, Standard x64 Edition, Service Pack 2, running on VMWare host.

Proposed Unix indexer: Ubuntu 10.04, 64 bit.

We originally had Splunk 4.0.* on the Windows box, and then upgraded a few months back to 4.2. This is the 64 bit version of Splunk.

  1. Is the data migration feasible?
  2. Is there an approximate time it would take to migrate the data - the current var/lib directory on Windows indexer is ~36.8GB.
  3. Is there a pointer to a page with instructions on migrating the data?

Thanks

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

LCM
Contributor
‎08-04-2011 07:51 AM

I haven't done it so far, but that's my suggestion

  1. Yes
  2. If you have free hand, I guess it takes less than 1h - the big work is probably, backup & copy 36.8GB
  3. Here ReadmeFirst & Migration some help

View solution in original post

Reply
Solved! Jump to solution

sdevadas
Path Finder
‎08-15-2011 06:02 AM

Was able to do the migration

  1. Mounted $SPLUNK_HOME/var/lib of windows on the linux box.
  2. Unzipped splunk zipped archive to /opt
  3. changed ownership to splunk install login
  4. Copied var/lib and relevant directories/files in etc (configuration files and user directories)
  5. Fixed configuration files for paths. Discarded any apps which used windows executables and scripts (these have to be rewritten if you want to use them).
  6. Copied splunk-launch.conf.default to splunk-launch.conf.
  7. Stopped windows splunk.
  8. Applied license to new linux server, after ensuring windows server wont be used (uninstall).
  9. Created a redirect page using default web server on the windows server.
  10. Started splunk.
  11. Integrated splunk with ldap from the web ui.
Reply
Solved! Jump to solution
Solution

LCM
Contributor
‎08-04-2011 07:51 AM

I haven't done it so far, but that's my suggestion

  1. Yes
  2. If you have free hand, I guess it takes less than 1h - the big work is probably, backup & copy 36.8GB
  3. Here ReadmeFirst & Migration some help
Reply
Solved! Jump to solution

sdevadas
Path Finder
‎08-04-2011 08:59 AM

Thanks LCM, will mail back on how it goes.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...