Migrating data from old server to new server while upgrading Splunk 9.3

prasireddy
Explorer

Please, can anyone tell me what the steps are to migrate the old data to a new server while upgrading Splunk to version 9.3? I have checked the Splunk documentation but I did not understand it properly. Could anyone please help with this? The present Splunk version is 8.2.0.


prasireddy
Explorer

Hi @PickleRick ,
Firstly, we are planning to migrate data from the existing server to a new server and then afterwards upgrade Splunk, so here I wanted to know the steps for migrating data from my existing server to the new server. Within the same server we know how, but now it is a new server, so I am asking you how to migrate the data. Secondly, my team will take care of the installation and upgrade; here I only need to know how to migrate my data.
So kindly please help with this.


PickleRick
SplunkTrust

Again - it depends whether by "migrate" you mean just replace the box and leave everything as it was before (IP, name, storage layout) or are you planning any changes. Do you want to stay with the same underlying OS or do you plan to migrate, for example, from debian to RH? How was your system installed? A dpkg/rpm package? A simple unpack from tgz? A docker container?


prasireddy
Explorer

Hi @PickleRick 

Actually, in phase 1 we are upgrading the RHEL version (6.10 to 9.x, the same OS, just a newer version). We are planning the RHEL upgrade on a new, separate server from scratch, and after the RHEL upgrade, in phase 2, we have a Splunk upgrade (8.2 to 9.x). So in phase 1 we are installing the existing Splunk version (8.2) on the new server, and we need data migration from the existing server to the new server. Could you please help with this?

Thank you in advance.


PickleRick
SplunkTrust

OK. So you're not "upgrading" but moving your installation from a 6.10 RHEL box to a 9.x one.

The way to go is

1) Install and configure new server

2) Migrate splunk in the same version as you already have. See https://docs.splunk.com/Documentation/Splunk/8.2.0/Installation/MigrateaSplunkinstance

One thing - if your installation was RPM-based, before moving contents of the old Splunk installation, install a fresh RPM (still the original 8.2 version!) before overwriting it with actual production files so that RPM database is properly populated.

Unfortunately, if you're moving from one server to another (having a new name, new IP and so on) you have to go through the configs and fix the things that point to the old name, IP and possibly certificate. And we can't know beforehand about all the configuration items you have to change.

3) After you have your 8.2 instance working in a new place, perform the upgrade to the desired version using the official upgrade path (you can't upgrade directly from 8.2 to 9.3)
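
As an added example (not part of PickleRick's post, and not Splunk tooling), the config review described in step 2 can be started with a script that walks the copied `etc` tree and reports every `.conf` line still naming the old server, along with its stanza. The function names, the hostname `oldsplunk01` and the IP `192.0.2.10` are constructed for illustration; certificates still need a separate check.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): report Splunk .conf lines that still
# reference the old server, together with the stanza they belong to.

# find_stale_refs ETC_DIR OLD_HOST OLD_IP -> "path|[stanza]|line" per hit
find_stale_refs() {
    [ "$#" -eq 3 ] || { echo "usage: find_stale_refs ETC_DIR OLD_HOST OLD_IP" >&2; return 2; }
    local etc_dir=$1 old_host=$2 old_ip=$3 f
    find "$etc_dir" -type f -name '*.conf' -print0 |
    while IFS= read -r -d '' f; do
        awk -v host="$old_host" -v ip="$old_ip" -v file="$f" '
            /^[[:space:]]*#/ { next }          # ignore comment lines
            /^\[/            { stanza = $0 }   # remember the current stanza
            # index() matches fixed strings, so dots in the IP stay literal;
            # hostnames are compared case-insensitively
            index(tolower($0), tolower(host)) || index($0, ip) {
                printf "%s|%s|%s\n", file, (stanza == "" ? "[global]" : stanza), $0
            }' "$f"
    done
}

# Constructed sample tree standing in for $SPLUNK_HOME/etc (all values invented)
make_sample_etc() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/system/local" "$d/apps/search/local"
    printf '%s\n' '[general]' 'serverName = oldsplunk01' \
        > "$d/system/local/server.conf"
    printf '%s\n' '# host = oldsplunk01 (commented out)' '[default]' \
        'host = OLDSPLUNK01' > "$d/system/local/inputs.conf"
    printf '%s\n' '[settings]' 'mgmtHostPort = 192.0.2.10:8089' \
        'httpport = 8000' > "$d/system/local/web.conf"
    printf '%s\n' '[email]' 'hostname = https://oldsplunk01:8000' \
        > "$d/apps/search/local/alert_actions.conf"
    echo "$d"
}

sample=$(make_sample_etc)
find_stale_refs "$sample" oldsplunk01 192.0.2.10
rm -rf "$sample"
```

Against a real migration, point it at the new server's `$SPLUNK_HOME/etc` with the old server's actual name and address; matching is by substring, so a short hostname can also hit longer names that contain it.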

prasireddy
Explorer

Thank you so much @PickleRick, it is very useful information.


PickleRick
SplunkTrust

First and foremost - don't do two things at once - either upgrade and then migrate or migrate then upgrade.

Also - what things don't you understand? It's impossible to write step-by-step instructions for something like that without at least some knowledge and understanding on your side of what you're doing. Should anything go wrong, how will you be able to troubleshoot and fix your installation?
