Are you a member of the Splunk Community?
- Find Answers
- :
- Splunk Platform
- :
- Splunk Enterprise
- :
- Splunk 7.1.2 Migration from Windows 2016 to Splunk...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
any help, please.
Here the situation
machine1: Windows 2016 with Splunk 7.1.2
machine2: Windows 2022 with Splunk 9.4.4 (splunk installed already here)
How to migrate the Splunk env from machine1 to machine2?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It hugely depends on what you mean by "migration". If you want your whole environment "moved", you will not only need to perform the upgrade and move but also plan for adjusting all the surrounding components, especially your data sources.
But if you want to only move the already indexed data, that could actually be quite simple. Splunk should be able to read buckets created by older version.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It hugely depends on what you mean by "migration". If you want your whole environment "moved", you will not only need to perform the upgrade and move but also plan for adjusting all the surrounding components, especially your data sources.
But if you want to only move the already indexed data, that could actually be quite simple. Splunk should be able to read buckets created by older version.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi PickleRick,
from many choices I choose this one. Bucket migration, install the 9.4.4, complete rebuild, refactoring of the necessary Splunk architecture on 9.4.4. I tried the soft migration steps, absolutely without success. No install packages available, no exact clear workaround of the subMigrations and compatibility of Splunk apps.
So, if I can choose the final solution of my problem, I choose yours advice, to migrate the bucket only.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @spisiakmi
There is quite a bit to unpick here, Is this a single Splunk instance?
The upgrade path from 7.1.2 to 9.4.4 is as follows:
7.1.2 -> 8.1.x (https://help.splunk.com/en/splunk-enterprise/get-started/install-and-upgrade/9.0/upgrade-or-migrate-...)
8.1.x -> 9.0.x (https://help.splunk.com/en/splunk-enterprise/get-started/install-and-upgrade/9.0/upgrade-or-migrate-...)
9.0.x -> 9.2.x (https://help.splunk.com/en/splunk-enterprise/get-started/install-and-upgrade/9.2/upgrade-or-migrate-...)
9.2.x -> 9.4.x (https://help.splunk.com/en/splunk-enterprise/get-started/install-and-upgrade/9.4/upgrade-or-migrate-...)
There are numerous things to consider at each step so you should read and understand the "READ THIS FIRST" documents for each upgrade before upgrading.
There are also various OS constraints because not all versions will be compatible with your OS, so you might need to do some upgrades on Server 2016 and then move the relevant files to your Server 2022 machine before continuing the upgrade.
Splunk 9.x support 2022 and has limited support for 2016 (https://help.splunk.com/en/splunk-enterprise/get-started/install-and-upgrade/9.0/plan-your-splunk-en...) So it might be that you upgrade to 9.0.x on machine 1 then move to machine 2 to continue the upgrade path.
In terms of what you need to migrate between the servers, this will depend on what you are using within Splunk (e.g. Modular inputs, kv stores, etc etc ) - It might be worth copying the entire Splunk folder!
I hope this helps, ultimately there is more to it but this should be a good start. If you have multiple servers in your deployment there is also a specific order in which different components need upgrading that should be considered.
🌟 Did this answer help you? If so, please consider:
- Adding karma to show it was useful
- Marking it as the solution if it resolved your issue
- Commenting if you need any clarification
Your feedback encourages the volunteers in this community to continue contributing
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi livehybrid,
thank you very much for such a fast reaction. Here my subAnswers to your questions:
- yes, it is a single splunk inst.
So I jump on it. Your summary is great. Thx.
m
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You should remember first stop splunk then full backup of it installation and then continue.
And remember that you should have all those splunk versions including oldest to do a full restore if needed.
You probably have some/many additional apps in your installations? Probably some of those have also interactions how to upgrade those version by version. You must check this and also try to get those needed versions. Unfortunately that could be quite hard task to do as many apps have only latest or couple of latest versions in splunkbase and also instructions are probably missing!
So most important thing is make great plan how to proceed.
One option (especially if you don't need old data) is start from scratch. Just install needed apps etc. into a new and start to get data in. Of course if you need old data regularly then this is not an option for you.
.conf25 Community Recap
Splunk App Developers | .conf25 Recap & What’s Next
Congratulations to the 2025-2026 SplunkTrust!
