Installation

What is the best way to back up Splunk, upgrade, and migrate to a new server?

skparkj
New Member

Hello,

Our current setup is: Deployment Server -> Multiple Forwarders -> Universal Forwarder/Indexer-> Server

I'm looking to upgrade the Deployment Server and the Universal Forwarder/Indexer from Splunk 6.1.1 to 6.3.1 and move it to a new server, since forwarders are backwards compatible.

I'm relatively new to Splunk and wanted to know the best way to go about this and the process. Would it be simpler to upgrade Splunk to the latest version in their current server, backup, and migrate them, or backup, migrate, and upgrade them?

Any information is greatly appreciated. Thank you!

Labels (3)
0 Karma
1 Solution

masonmorales
Influencer
  1. Stop Splunk
  2. Copy the $SPLUNK_HOME directory to your new server
  3. Download a new Splunk package and install it over your existing/migrated $SPLUNK_HOME
  4. Start Splunk
  5. Answer Yes to the prompts
  6. Login and validate

It really is that simple.

View solution in original post

masonmorales
Influencer
  1. Stop Splunk
  2. Copy the $SPLUNK_HOME directory to your new server
  3. Download a new Splunk package and install it over your existing/migrated $SPLUNK_HOME
  4. Start Splunk
  5. Answer Yes to the prompts
  6. Login and validate

It really is that simple.

ddrillic
Ultra Champion
0 Karma

ddrillic
Ultra Champion

http://docs.splunk.com/Documentation/Splunk/6.3.0/Forwarding/UpgradetheNixforwarder is very interesting as you install the universal forwarder package over the existing deployment.

0 Karma

skparkj
New Member

I have. I just wanted to know if backing up your data was really just as simple as copying your data/config and keeping it stored elsewhere during the upgrade?

I believe I have a full instance of splunk enterprise that acts as a forwarder and indexer. Is this what you consider a nix forwarder?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...