I am building out a new instance of splunk on new servers. I want to know is their a way to port over the existing user and their roles to the new splunk instance. The new instance is on a Linux server. Is there a way to tar up the existing user/roles on the old instance and port to the new instance.
I am now getting this error:
Can't read key file /mnt/splunk/splunk/etc/auth/server.pem errno=101077092 error:06065064:digital envelope routines:EVPDecryptFinalex:bad decrypt.
Couldn't initialize SSL Context for HTTPClient in ServerConfig
cannot find non-empty stack=enterprise for pool=autogeneratedpool_enterprise, skipping
Where config files do I need to re-enter my password to let Splunk re-encrypt it.
/etc/app/*/local, /etc/users, /etc/passwd, /etc/system/local/server.conf, etc/auth/splunk.secret.
Should I just copy the server.pem pem file to server.pem_old, restart splunk and let it generate it again?
it sounds like your password from the old instance was copied to the new instance in $SPLUNKHOME/etc/system/local/server.conf. You can re-enter the correct password originally set on the new instance and restart splunk or reset back to default by pasting this into $SPLUNKHOME/etc/system/local/server.conf on the new instance:
(paste everything as it appears below)
enableSplunkdSSL = true
sslKeysfile = server.pem
sslKeysfilePassword = password
caCertFile = cacert.pem
caPath = $SPLUNK_HOME/etc/auth
restart splunk on the new instance
If re-entering the correct password, just update sslKeysfilePassword and restart splunk