Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Please advise on proposed process to upgrade Splunk 6.1 to a new Linux server.

royimad
Builder
‎09-24-2014 02:29 AM

I will be moving an existing Splunk installation (and all the data, inputs and customizations, etc.) over to a new server (Linux to Linux same platform and same architecture) and perform an upgrade to 6.1 and from what I gathered from all the documentation, the process would be this:

  • Stop Splunk Enterprise 5.0 on the server from which you want to migrate.
  • Copy the entire contents of the $SPLUNK_HOME directory from the old server to the new server – All my indexes and data reside under $SPLUNK_HOME
  • Create Splunk user and install Splunk 6.1 on target platform under same location and directory structure of the copied files - Extract 6.1 downloaded splunk-6.1.3-220630-Linux-x86_64.tgz directly over the copied files on the new system
  • Start Splunk Enterprise on the new instance - Splunk Enterprise detects whether you are migrating and prompts you on whether or not to upgrade at this time, answer by yes.
  • Start command should migrate the license to the new server: $SPLUNK_HOME/bin/splunk start --accept-license --answer-yes

Are we missing something in the process.
Please advice

Labels (2)
Labels
Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

srioux
Communicator
‎09-24-2014 07:13 AM

Most of it looks good. That said, here are a few things, off the top of my head:

  • Generally you would want to create backups, although you could use the old server as the "backup" for config files/data-wise.
  • Make sure to chown all the right directories/files, as needed.
  • Not sure how distributed the architecture is, or how everything would be configured. I generally advise to use a DNS alias for the Splunk server; that way, if you migrate (as you're doing now), nobody has to update their bookmarks. There may be communications to consider around this, depending on your user-base (and update internal docs, bookmarks, and wherever else you might've documented it).
  • If you're using SSL, but changing the URL of Splunk, might need to get a new cert generated/signed for it.
  • If you're using forwarders, you may need to update outputs.conf across forwarders to send to the new box. This may be alleviated through centralized management, such as the deployment server.
  • Not sure what your security landscape looks like, but make sure that firewalls (local or network), or any other security in place would take into account the new system.
  • If you're using a separate license server, make sure that the server's added to the license pool. Even if it's all running on the same box, I'd definitely mark it as a "validation" point.
  • Consider enabling boot-start, if you want Splunk to fire up on boot ($SPLUNK_HOME/bin/splunk enable boot-start).

View solution in original post

Reply
Solved! Jump to solution
Solution

srioux
Communicator
‎09-24-2014 07:13 AM

Most of it looks good. That said, here are a few things, off the top of my head:

  • Generally you would want to create backups, although you could use the old server as the "backup" for config files/data-wise.
  • Make sure to chown all the right directories/files, as needed.
  • Not sure how distributed the architecture is, or how everything would be configured. I generally advise to use a DNS alias for the Splunk server; that way, if you migrate (as you're doing now), nobody has to update their bookmarks. There may be communications to consider around this, depending on your user-base (and update internal docs, bookmarks, and wherever else you might've documented it).
  • If you're using SSL, but changing the URL of Splunk, might need to get a new cert generated/signed for it.
  • If you're using forwarders, you may need to update outputs.conf across forwarders to send to the new box. This may be alleviated through centralized management, such as the deployment server.
  • Not sure what your security landscape looks like, but make sure that firewalls (local or network), or any other security in place would take into account the new system.
  • If you're using a separate license server, make sure that the server's added to the license pool. Even if it's all running on the same box, I'd definitely mark it as a "validation" point.
  • Consider enabling boot-start, if you want Splunk to fire up on boot ($SPLUNK_HOME/bin/splunk enable boot-start).
Reply
Solved! Jump to solution

royimad
Builder
‎09-24-2014 07:43 AM

I'm using SSL and change the URL of Splunk , do i need to get a new cert generated ???

0 Karma
Reply
Solved! Jump to solution

srioux
Communicator
‎09-24-2014 09:50 AM

I would assume so, but you'd have to check your cert. The certificate might be tied to the system's URL.

Lots of documentation on the wiki & official Splunk docs on certs, if needed:
http://docs.splunk.com/Documentation/Splunk/6.1.3/Security/Howtogetthird-partycertificates

0 Karma
Reply
Solved! Jump to solution

srioux
Communicator
‎09-24-2014 07:26 AM

As it so happens, there's a stack of stuff on the Splunk wiki as well:
http://wiki.splunk.com/Deploy:Migrating_a_Splunk_Install

0 Karma
Reply
Get Updates on the Splunk Community!

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...

Explore the Latest Educational Offerings from Splunk [January 2025 Updates]

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...