Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Migrate Index without shutdown

mdmurtazaali
New Member
‎03-10-2017 06:26 AM

Hi There, We have two indexer (not clustered) but on DNS roundrobin. We need to migrate the indexers to the new hardware and we are planning to do that one by one. For indexer 1 Is there any way to:
1. Copy the files to the new server without shutting down splunk?
2. Can the indexer 1 be readonly from search head?

Thanks,

Mo

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jcrabb_splunk
Splunk Employee
Splunk Employee
‎03-10-2017 08:41 AM

Here is our documentation that discusses migrating:

http://docs.splunk.com/Documentation/Splunk/6.5.2/Installation/MigrateaSplunkinstance

As you will see in this section, you will need to stop Splunk:

1. Stop Splunk Enterprise on the host from which you want to migrate.
2. Copy the entire contents of the $SPLUNK_HOME directory from the old host to the new host.
3. Install the appropriate version of Splunk Enterprise for the target platform.
4. Confirm that index configuration files (indexes.conf) contain the correct location and path specification for any non-default indexes.
5. Start Splunk Enterprise on the new instance.
6. Log into Splunk Enterprise with your existing credentials.
7. After you log in, confirm that your data is intact by searching it.

While you can make an index read-only, in order to migrate properly, you will need to stop Splunk.

Jacob
Sr. Technical Support Engineer

View solution in original post

Reply
Solved! Jump to solution

puneethgowda
Communicator
‎03-10-2017 08:45 AM

Answer for your question is downtime is must

0 Karma
Reply
Solved! Jump to solution
Solution

jcrabb_splunk
Splunk Employee
Splunk Employee
‎03-10-2017 08:41 AM

Here is our documentation that discusses migrating:

http://docs.splunk.com/Documentation/Splunk/6.5.2/Installation/MigrateaSplunkinstance

As you will see in this section, you will need to stop Splunk:

1. Stop Splunk Enterprise on the host from which you want to migrate.
2. Copy the entire contents of the $SPLUNK_HOME directory from the old host to the new host.
3. Install the appropriate version of Splunk Enterprise for the target platform.
4. Confirm that index configuration files (indexes.conf) contain the correct location and path specification for any non-default indexes.
5. Start Splunk Enterprise on the new instance.
6. Log into Splunk Enterprise with your existing credentials.
7. After you log in, confirm that your data is intact by searching it.

While you can make an index read-only, in order to migrate properly, you will need to stop Splunk.

Jacob
Sr. Technical Support Engineer
Reply
Solved! Jump to solution

mdmurtazaali
New Member
‎03-10-2017 10:49 AM

Thanks @Jcrabb!

0 Karma
Reply
Get Updates on the Splunk Community!

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...