Migration of Standalone Splunk Enterprise from ser...

PComSplunk · ‎02-25-2024

We are currently looking to migrate our Standalone Splunk Enterprise server from the existing ec2 to a new ec2. The new server will be based on AWS Marketplace AMI for version 9.0.8: https://aws.amazon.com/marketplace/pp/prodview-l6oos72bsyaks?sr=0-1&ref_=beagle&applicationId=AWSMPC...

Reason for migration: we want to use the Marketplace AMI while upgrading the Splunk Version

Since this migration involves going from version 8 to version 9, just copying over the apps(they contain the indexes) hasn't given us the result we wanted in our dev/test environment. We end up with no search UI loaded when the search app is copied over from the previous version 8 server to the version 9 server.

Has anyone else migrated their server this way i.e. jumping versions while migrating to the new server?

What would the community recommend in terms of a scenario that we currently have? Would an in place upgrade to version 9 and then copy over to the new server be a better option/recommended?

richgalloway · ‎02-27-2024

I would recommend an in-place upgrade to version 9 and then copy Splunk to the new server.

In general, one should not copy an entire built-in app (like search) between instances. Transfer only the local folder.

---
If this reply helps you, Karma would be appreciated.

Migration of Standalone Splunk Enterprise from server on version 8.2.2.1 to server on version 9.0.8

administration

configuration

installation

upgrade

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...