Splunk Enterprise

Migrating Our Splunk Deployment Master Server From Azure To On-Premises

anandhalagaras1
Contributor

Hi All,

Our current setup involves Splunk Search Heads hosted in Splunk Cloud and managed by Support. The existing Deployment Master server is hosted on Azure, where it has been operating smoothly, supporting around 900+ clients that send logs to Splunk through it. Now, we’re planning to migrate the Deployment Master from Azure to an on-premises Nutanix environment.

We’ve built a new server on-premises with the necessary hardware specifications and are preparing to install the latest Splunk Enterprise package (version 9.3.1) downloaded from the Splunk website. We’ll place this package in the `/tmp` directory on the new server, extract it in the `/opt` directory, accept the license agreement, and start Splunk services. Once up, we’ll access the GUI to import the Enterprise licenses.

Next, I’ll download the Splunk Universal Forwarder Credential package (Splunkclouduf app) from the Splunk Cloud Search Head. Could you confirm whether this downloaded app should be placed in the `/opt/splunk/etc/apps`, `/opt/splunk/etc/deployment-apps`, or `/tmp` directory on the new server? From there, we can proceed with the installation. Please confirm.

Once installed, the Splunkclouduf app will create a `100_splunkcloud` folder in the `/opt/splunk/etc/apps` directory. Should I then copy the `100_splunkcloud` folder to the `/opt/splunk/etc/deployment-apps` directory? Also, can we rename the folder from "100_splunkcloud" to some custom name?

Additionally, the next step will involve transferring all deployment apps from the `deployment-apps` directory on the old server (`/opt/splunk/etc/deployment-apps`) to the new server in the same location—please confirm if this is correct.

Finally:
- Update the `deploymentclient` app on both the old and new Deployment Master servers with the new server name.
- Reload the server class on the old Deployment Master server.
- Verify that all clients are reporting to the new Deployment Master server.

I want to clarify whether these steps are correct; if I missed anything, kindly let me know, so that my new DM server runs fine post-migration.

richgalloway
SplunkTrust

It looks like you have the right steps.

I would download the splunkclouduf app to my workstation and then install it on the Deployment Server (DS) using the GUI (Install app from file). After that, copy the /opt/splunk/etc/apps/100_splunkcloud directory to /opt/splunk/etc/deployment-apps. DO NOT RENAME the 100_splunkcloud app.

---
If this reply helps you, Karma would be appreciated.

anandhalagaras1
Contributor

@richgalloway ,

Thank you for your inputs.

When installing the `splunkclouduf` app via the GUI, will it prompt for a username and password during installation, or will it proceed directly without requiring authentication? Since we haven’t previously installed the `splunkclouduf` app through the GUI, I’m curious to know what to expect.

If installing by logging into the server directly, where should we place the `splunkclouduf` app—either in the `/opt/splunk/etc/apps` or `/opt/splunk/etc/deployment-apps` directory? After placing it in the appropriate directory, I assume we need to navigate to `/opt/splunk/bin` and execute the necessary command to complete the installation. Please confirm.

Also, regarding ports, we know that 8000, 8089, and 9997 need to be open from our on-prem server. If there are any additional ports required, please let me know.

richgalloway
SplunkTrust

Installing an app from a file using the GUI requires signing in to Splunk. No other credentials are required.

If you wish to install using the CLI, un-tar the app into /opt/splunk/etc/apps and re-start the DS.

Either way, you should then copy the created 100_splunkcloud directory to /opt/splunk/etc/deployment-apps.

There are no commands to run to complete the installation.

The DS does not use port 9997.

---
If this reply helps you, Karma would be appreciated.
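
Added example (not part of the thread and not Splunk's own tooling): a shell function for the CLI route described above, which inspects the credentials archive before un-tarring it into `etc/apps` and then copies `100_splunkcloud`, unrenamed, into `etc/deployment-apps`. It assumes the downloaded package is a gzip-compressed tar whose only top-level directory is `100_splunkcloud`, and that it is run as the account Splunk runs as; the function name and return codes are illustrative.

```bash
# Added example. Assumptions: the archive is a gzip'd tar containing only
# 100_splunkcloud/, and this runs as the account that owns the Splunk install.
APP_NAME="100_splunkcloud"   # directory name from the thread; must not be renamed

# stage_uf_credentials <archive> <splunk_home>
# returns: 0 staged, 1 unexpected archive members, 2 usage/IO error, 3 already present
stage_uf_credentials() {
    local archive="$1" splunk_home="$2" entries bad
    local apps="$splunk_home/etc/apps"
    local dapps="$splunk_home/etc/deployment-apps"

    [ -f "$archive" ] || { echo "no such archive: $archive" >&2; return 2; }
    if [ ! -d "$apps" ] || [ ! -d "$dapps" ]; then
        echo "missing etc/apps or etc/deployment-apps under $splunk_home" >&2
        return 2
    fi

    # List members first: the package carries forwarder credentials, so refuse
    # anything that would land outside APP_NAME/ or that uses ".." components.
    entries=$(tar -tzf "$archive") || return 2
    bad=$(printf '%s\n' "$entries" | sed 's#^\./##' | awk -v app="$APP_NAME" '
        $0 == "" { next }
        $0 != app && index($0, app "/") != 1 { print; next }
        $0 ~ /(^|\/)\.\.(\/|$)/ { print }')
    if [ -n "$bad" ]; then
        echo "unexpected archive members:" >&2
        printf '%s\n' "$bad" >&2
        return 1
    fi

    # Never overwrite an existing copy silently.
    if [ -e "$apps/$APP_NAME" ] || [ -e "$dapps/$APP_NAME" ]; then
        echo "$APP_NAME already present; back it up and remove it first" >&2
        return 3
    fi

    tar -xzf "$archive" -C "$apps" --no-same-owner || return 2
    cp -Rp "$apps/$APP_NAME" "$dapps/" || return 2
    # Keep the credential files readable by the owning account only.
    chmod -R go-rwx "$apps/$APP_NAME" "$dapps/$APP_NAME" || return 2

    echo "staged $APP_NAME; now restart the DS: $splunk_home/bin/splunk restart"
}

# Stand-alone use: script.sh /tmp/splunkclouduf.spl /opt/splunk
if [ $# -eq 2 ]; then stage_uf_credentials "$1" "$2"; fi
```
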