Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Migration from Windows Single Instance Deployment to Small Enterprise Distributed Deployment

zayers2
Explorer
‎05-15-2018 06:53 AM

The scenario is the following: I work for a small company that installed Splunk initially for a small user base as a standalone deployment. The demand as expanded to multiple departments and we need to convert to a distributed deployment. The deployment would be one dedicated search head, and one indexer.

My question is would this work for a conversion process?
1: Enable Index Clustering on current standalone instance.
2: Make the current standalone instance as a master node.
3: Bring up new indexer as a peer node.
4: Replicate the data from standalone to new indexer
5: Make new indexer the master node
6: Convert current standalone to dedicated search head.

Is this a valid process?

0 Karma
Reply

brian_rampley
Path Finder
‎05-15-2018 09:00 AM

Is there a reason, such as storage limitations, that you need to migrate the data off the existing stand-alone instance? The obvious easy path I see is to stand up the new server as a search head, and convert your existing instance into a an indexer.

The issue with your current process is that your existing indexed data buckets are not "clustered" buckets, and will not replicate.

More info at this link: http://docs.splunk.com/Documentation/Splunk/7.1.0/Indexer/HowSplunkstoresindexes#Bucket_naming_conve...

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Why did the turkey cross the road?

November 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...