Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Support team and Diag File - Migrate / reproduce a Splunk instance

inventsekar
SplunkTrust
SplunkTrust
‎08-26-2019 12:50 AM

Hi All.. we were wondering why Splunk Support team would require the "diag file" when we open a support ticket?
is that - the splunk support team can "reproduce" my splunk instance on their lab setup to do the analysis?
is it possible? - i mean, from a diag file, can we "Reproduce" the splunk instance?
(untar the diag file, copy the "etc" directory to a newly installed splunk instance and start the splunk.. will it be a reproduction of the old setup?)
thanks,..

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-26-2019 05:27 AM

Diag files do not fully reproduce a Splunk instance. Your data, for example, is not in the diag file. It mainly contains your config files so Splunk support can better diagnose your problem. To see what is included in the file, run splunk diag on the command line then use tar -zlf <diag file>.

---
If this reply helps you, Karma would be appreciated.
Reply

renjith_nair
Legend
‎08-26-2019 06:08 AM

Adding to rich's answer, splunk support uses undiag tools and load your data. Predefined dashboards and analysis methods gives them an overview about how your system was performing. So they use it for reproducing your problem rather than recreating the environment.

Please refer to Diag contents for more information about diag contents and the video gives an introduction on how its being used.

---
What goes around comes around. If it helps, hit it with Karma 🙂
Reply

inventsekar
SplunkTrust
SplunkTrust
‎08-26-2019 08:30 AM

Thanks Rich..

Thanks Renjith..Your answer answered half of my question.
Yeah, i am not looking to recreate / migrate splunk instance with its diag alone. As you said, we also would like to reproduce the problem(not recreate the whole environment).
Is it possible for us(for splunk customers) or, only splunk support can do that?

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-27-2019 05:21 PM

The diag by itself is useful, but is not always enough. It only contains configs for a single system so any cluster-related problem may require other information to reproduce. Similarly, a problem caused by data may not be reproducible using only the diag.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...