Installation
Highlighted

Migrating Splunk data from Windows indexer to Ubuntu indexer

Path Finder

Hi,

We are planning to move our Splunk infrastructure from Windows to Linux.

We have 1 search head and 2 indexers in production (and one indexer each in QA and PERF).

I am planning to just introduce a linux search head, migrate all the applications/saved queries and expect it to work without any problems.

For the indexer, I would like to migrate the data on one of the windows server to a linux server.

Existing Windows indexer: Microsoft Windows Server 2003 R2, Standard x64 Edition, Service Pack 2, running on VMWare host.

Proposed Unix indexer: Ubuntu 10.04, 64 bit.

We originally had Splunk 4.0.* on the Windows box, and then upgraded a few months back to 4.2. This is the 64 bit version of Splunk.

  1. Is the data migration feasible?
  2. Is there an approximate time it would take to migrate the data - the current var/lib directory on Windows indexer is ~36.8GB.
  3. Is there a pointer to a page with instructions on migrating the data?

Thanks

Tags (1)
0 Karma
Highlighted

Re: Migrating Splunk data from Windows indexer to Ubuntu indexer

Contributor

I haven't done it so far, but that's my suggestion

  1. Yes
  2. If you have free hand, I guess it takes less than 1h - the big work is probably, backup & copy 36.8GB
  3. Here ReadmeFirst & Migration some help

View solution in original post

Highlighted

Re: Migrating Splunk data from Windows indexer to Ubuntu indexer

Path Finder

Thanks LCM, will mail back on how it goes.

0 Karma
Highlighted

Re: Migrating Splunk data from Windows indexer to Ubuntu indexer

Path Finder

Was able to do the migration

  1. Mounted $SPLUNK_HOME/var/lib of windows on the linux box.
  2. Unzipped splunk zipped archive to /opt
  3. changed ownership to splunk install login
  4. Copied var/lib and relevant directories/files in etc (configuration files and user directories)
  5. Fixed configuration files for paths. Discarded any apps which used windows executables and scripts (these have to be rewritten if you want to use them).
  6. Copied splunk-launch.conf.default to splunk-launch.conf.
  7. Stopped windows splunk.
  8. Applied license to new linux server, after ensuring windows server wont be used (uninstall).
  9. Created a redirect page using default web server on the windows server.
  10. Started splunk.
  11. Integrated splunk with ldap from the web ui.