Splunk Enterprise

Indexer Cluster Migration to VM with different OS

aguilard
Explorer

Hello, 

We have a multisite indexer cluster with Splunk Enterprise 9.1.2 running on Red Hat 7 VMs, and we need to migrate it to other VMs running Red Hat 9.

According to the documentation, all members of a cluster must have the same OS and version.

I was thinking of simply adding one new indexer (Red Hat 9 VM) at a time and detaching an old one, forcing the bucket counts. So for a short time the cluster would have members with different OS versions.

Upgrading from Red Hat 7 to Red Hat 9 directly in the Splunk environment is not possible.

I would like to know if there are critical issues to face while the migration is happening. I hope the procedure won't last more than 2 days.


0 Karma
1 Solution

richgalloway
SplunkTrust

The procedure you're thinking of is common and works well.  Good luck!

---
If this reply helps you, Karma would be appreciated.


pmerlin1
Path Finder

We had to face the same challenge, but in our case we had to migrate the OS version and the Splunk version at the same time:
We created an indexer cluster with the new OS version and Splunk version. This cluster ingests the new data.
We kept a single instance of the old indexer cluster, read-only, to query the historical data.
The search head cluster was connected to all the peers, the indexer cluster and the standalone indexer.
Once the retention periods had expired, we decommissioned the old indexer.

0 Karma

pmerlin1
Path Finder

We faced the same challenge, but in our case we had to migrate the OS version and the Splunk version at the same time:
We created an indexer cluster with the new OS version and Splunk version. This cluster ingests the new data.
We kept a single instance of the old read-only indexer cluster to query historical data.
The search head cluster was connected to all peers, the indexer cluster and the standalone indexer.
Once the retention times had expired, we decommissioned the old indexer.

0 Karma

isoutamo
SplunkTrust
Basically you shouldn’t migrate both the OS and Splunk at the same time. Just select which one you do first, and after you have finalized it and checked for a couple of days that everything is OK, then do the second migration. Of course, if you have new hosts to migrate to, then the OS on those can be migrated earlier and you just migrate Splunk onto them. Again, you could migrate Splunk before the node migration or after it, but don’t try it at the same time (e.g. new hosts have a newer version).
Here is how I have done it earlier https://community.splunk.com/t5/Splunk-Enterprise/Migration-of-Splunk-to-different-server-same-platf...
r. Ismo
0 Karma
