As you haven’t rsync/copy old logs etc (you don’t need those) splunk will warn as it expect to find it based on fishbucket. You could ignore that warning. Probably there are some other too?

If you didn’t rsync in 1st time whole SPLUNK_HOME/etc you have only trial license etc which you should change to the correct one. Syncing the etc directory gives to you also same GUID and splunk.secret which you have on old environment. This ensures that your old passwords etc are still working.

I did rsync both SPLUNK_HOME and SPLUNK_DB ( entirely ) I had to change the server name in some of the *.conf  files to the new one

I am still not able to see the GUI 

Have you ensure that all files under SPLUNK_HOME are owned by splunk OS user?

Are there anything else on splunkd.log or migration log if you have already done it?

Have you done all needed OS level changes based on your OS?

for the ownership I ran 

chown -R splunk:splunk /app/splunk-app/($SPLUNK_HOME) and same for /app/splunk-data ($SPLUNK_DB)

there is a symlink /app/splunk-app to /opt/splunk (to enable RPM installs and updates).

for the OS just installed the RPMs with yum localinstall <RPM>

in regards to  other errors :

ERROR DatabaseDirectoryManager - Getting size on disk: Path for bid=<index>~5614~E1F35BEE-29E7-4CCB-9E16-F000A9A1741F cannot be located. caller=serialize_SizeOnDisk

migration log: /opt/splunk/var/log/splunk/migration.log.2023-06-26.17-32-08:

To be on the same page, we should check that we have common understanding.

1. You have updated old env to 8.0.3
2. You have installed RH 8 into the new server
3. You have rsync /opt/splunk/ and db dir to the new server
4. You have changed a needed conf files etc
5. You have installed splunk 8.0.3 into the new server
6. You have started splunk on new sever
7. now we are here?

1. You have updated old env to 8.0.3 - The current(old) Splunk version is 8.0.3. In the destination(new instance), the version is the same version and I am planning to do in-place upgrade to 8.1  to~> 9.0.5 ( once migrated successfully )
2. You have installed RH 8 into the new server- ( our company provides the instances the new one is RedHat8 the old was 7) 
3. You have rsync /opt/splunk/ and db dir to the new server - correct
4. You have changed a needed conf files etc - correct to contain the new server name (FQDN)
5. You have installed splunk 8.0.3 into the new server- correct
6. You have started splunk on new sever -correct
7. now we are here? Yes,sir 

One question. On RH 8 there is usually firewalld in use. Have you opened needed ports with it? Also some SElinux changes could be needed?

And what you are actually meaning when you are saying “I cannot see GUI”?

The GUI means the Splunk dashboard where we log in and run a query

Are you referring: https://www.splunk.com/en_us/blog/tips-and-tricks/selinux-and-splunk.html

As you have SElinux disabled then it's not a problem here.

What you get when you are running as root

[root@splunk-demo-rh8] ~>
(0) # systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2023-05-26 15:32:05 EEST; 1 months 2 days ago
     Docs: man:firewalld(1)
 Main PID: 1055 (firewalld)
    Tasks: 2 (limit: 100406)
   Memory: 36.8M
   CGroup: /system.slice/firewalld.service
           └─1055 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid

May 26 15:32:03 splunk-demo-rh8.local systemd[1]: Starting firewalld - dynamic firewall daemon...
May 26 15:32:05 splunk-demo-rh8.local systemd[1]: Started firewalld - dynamic firewall daemon.
May 26 15:32:06 splunk-demo-rh8.local firewalld[1055]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider di>
[root@splunk-demo-rh8] ~>
(0) # firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens3
  sources:
  services: cockpit dhcpv6-client ssh
  ports: 8000/tcp 8089/tcp 9997/tcp 8088/tcp
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
[root@splunk-demo-rh8] ~>
(0) #

If firewalld is enabled as here, you should have opened those ports (or what ever you are using) to get access to GUI + REST api and sending events from UF + enable HEC. 

I don't have Firewalld installed 

Ok, can you connect to server or did it refused a connection?

Can you you see your connection attempts on *access.logs?

from splunkd.log :

06-28-2023 12:12:09.162 -0400 WARN HttpListener - Socket error from <ip> while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http reques

I found the issue.. 

1) I got confused as the previous instance DNS pointer is not updated to the new FQDN, so when I tried to hit the DNS name it did not hit the new instance 

2) The new instance was configured with web.conf ->  enableSplunkWebSSL = 1  to enforce SSL but I think there is an issue with the common name

Hi

I totally agree with @gcusello and @richgalloway the way you should do it. Definitely install old version onto a new server then update. If/when you have a single node installation or idx + sh separately you could do it quite easily. Here is a old post how to do it https://community.splunk.com/t5/Installation/How-to-migrate-indexes-to-new-indexer-instance/m-p/5280...

 If you have distributed environment then you should just add new nodes to clusters and do the migration with splunk cluster features like it has told on this post https://community.splunk.com/t5/Splunk-Enterprise/Migration-of-Splunk-to-different-server-same-platf.... And again after migration to new nodes do a normal upgrade for distributed environment.

r. Ismo