Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Migrating Splunk data from Windows indexer to Ubuntu indexer

sdevadas
Path Finder
‎08-03-2011 01:54 PM

Hi,

We are planning to move our Splunk infrastructure from Windows to Linux.

We have 1 search head and 2 indexers in production (and one indexer each in QA and PERF).

I am planning to just introduce a linux search head, migrate all the applications/saved queries and expect it to work without any problems.

For the indexer, I would like to migrate the data on one of the windows server to a linux server.

Existing Windows indexer: Microsoft Windows Server 2003 R2, Standard x64 Edition, Service Pack 2, running on VMWare host.

Proposed Unix indexer: Ubuntu 10.04, 64 bit.

We originally had Splunk 4.0.* on the Windows box, and then upgraded a few months back to 4.2. This is the 64 bit version of Splunk.

  1. Is the data migration feasible?
  2. Is there an approximate time it would take to migrate the data - the current var/lib directory on Windows indexer is ~36.8GB.
  3. Is there a pointer to a page with instructions on migrating the data?

Thanks

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

LCM
Contributor
‎08-04-2011 07:51 AM

I haven't done it so far, but that's my suggestion

  1. Yes
  2. If you have free hand, I guess it takes less than 1h - the big work is probably, backup & copy 36.8GB
  3. Here ReadmeFirst & Migration some help

View solution in original post

Reply
Solved! Jump to solution

sdevadas
Path Finder
‎08-15-2011 06:02 AM

Was able to do the migration

  1. Mounted $SPLUNK_HOME/var/lib of windows on the linux box.
  2. Unzipped splunk zipped archive to /opt
  3. changed ownership to splunk install login
  4. Copied var/lib and relevant directories/files in etc (configuration files and user directories)
  5. Fixed configuration files for paths. Discarded any apps which used windows executables and scripts (these have to be rewritten if you want to use them).
  6. Copied splunk-launch.conf.default to splunk-launch.conf.
  7. Stopped windows splunk.
  8. Applied license to new linux server, after ensuring windows server wont be used (uninstall).
  9. Created a redirect page using default web server on the windows server.
  10. Started splunk.
  11. Integrated splunk with ldap from the web ui.
Reply
Solved! Jump to solution
Solution

LCM
Contributor
‎08-04-2011 07:51 AM

I haven't done it so far, but that's my suggestion

  1. Yes
  2. If you have free hand, I guess it takes less than 1h - the big work is probably, backup & copy 36.8GB
  3. Here ReadmeFirst & Migration some help
Reply
Solved! Jump to solution

sdevadas
Path Finder
‎08-04-2011 08:59 AM

Thanks LCM, will mail back on how it goes.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...