Thanks for your advice, I knew that I can replace folder to migrate configuration and index data, but I just want to find another way to do migration by once install.

Because I found some descriptions in guide as below: (refer to step 3) 

1. Stop Splunk Enterprise on the host from which you want to migrate.
2. Copy the entire contents of the $SPLUNK_HOME directory from the old
host to the new host.
3. Install the appropriate version of Splunk Enterprise for the target platform.
4. Confirm that index configuration files (indexes.conf) contain the correct
location and path specification for any non-default indexes.
5. Start Splunk Enterprise on the new instance.
6. Log into Splunk Enterprise with your existing credentials.
7. After you log in, confirm that your data is intact by searching it. 

Reviving an older post, I'm in this exact same position and am curious; How did you go about switching the file structure over? I've seen some people create scripts. Is that how this is getting done?

Hello, I'm curious to know if you were able to successfully migrate from Windows to Linux?

I opened a support ticket for help and they referred me to this forum posting, but the steps mentioned here are not sufficient and some steps seem out of order. For example, it says to copy the home directory from old to new server and then install splunk on new server, but wouldn't this just overwrite the files you copied over?

After opening a second ticket with a different Splunk support rep, they suggested I

(1) install a default splunk instance on new server

(2) copy only the $SPLUNK_HOME\var\lib and $SPLUNK_HOME\etc directories, as well as the directory containing my cold search DBs. 

Lastly, they recommended I update my configuration (.conf) files to point to the new locations on the Linux server. However, received no specific guidance on which files to update other than the indexes.conf file. 

The final recommendation from Splunk support was to check *all* configuration files in $SPLUNK_HOME\etc directory. When I pointed out that there are over 300 configuration files in our $SPLUNK_HOME\etc directory, they confirmed that we must check and update all 300+ files, which is not feasible for us.

At this point I've given up, but maybe someone else on here has had success?

I don't want to get too specific, because it may work different for different environments, but it they keys were:

mount.cifs to mount the windows drive on athe destination linux machine

rsync -avhipP copied from the windows drive to the linux drive and adjusted from a windows file structure to a linux file structure.

it's difficult to answer as there is no one single approach.

best practice is.... lift and shift of config's and apps local. 

Although this seems correct since you are changing the operating system, better try on poc or test instance. 

since some settings in windows os and Linux are different.

Refer to the docs https://docs.splunk.com/Documentation/Splunk/8.0.4/Installation/MigrateaSplunkinstance