Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Moving SmartStore contents to another SmartStore

cking
Engager
‎05-21-2024 07:21 PM

We currently have a Splunk Enterprise cluster that uses SmartStore in AWS S3. We're looking to move the cluster to an entirely new AWS account.  However, we are not sure of the best way to move the contents of the SmartStore without corrupting any of the files that have been indexed.  What would be the best way to migrate from one SmartStore backend to another SmartStore backend without losing any data? 

0 Karma
Reply

cking
Engager
‎05-22-2024 05:40 AM

Hello Tejas, 

Thank you! We will give this a shot first in our dev environment and see how it goes.

0 Karma
Reply

tej57
Builder
‎05-21-2024 11:09 PM

Hello @cking

You can follow the following steps for migrating the buckets from one smartstore location to the other.

- Enable maintenance mode on the cluster-manager

- Stop splunk on the indexer peers using splunk stop command.

- Ensure that all the hot buckets have been rolled to warm state

- Move all the buckets from current location to the desired one

- Change the associated parameters in indexes.conf

- Push the bundle to all the indexers

- Verify that the data is searchable and connected to the new storage.

You can refer to the following documentation link for migration steps - https://docs.splunk.com/Documentation/Splunk/9.2.1/Indexer/MigratetoSmartStore. Although, the document mentions migration from non smartstore to smartstore index, similar steps can be used for migration to different S3 location. 

PS> This activity should be performed via Splunk PS due to complex nature of the task.

Thanks,
Tejas.

 

---

If the above solution helps, an upvote is appreciated.

Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...