Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk Database copy to new_instance

DataUser007
New Member
‎09-28-2023 03:49 AM

I have a windows server and it's OS got crashed but i have the splunk database  in the another drive which is fine now the steps I have performed are in the new splunk installation are:

1. Copied the configurations of the previous splunk application from the backup i have in to the new application.

2. Changed the database location and created the database structure in another drive apart from C: drive.

3. Now from the earlier database i copied the indexed data in to the new data base where i have overwritten the already present indexes which are created as per the indexer configuration.

4. Now when i restart the splunk i am getting a "DIRTY_DATABASE File (.dirty_database)" file generated.

5. But i can see the data in the indexes when i ran a search

So, the question is whether the procedure i followed is correct or is there any other way to do this

Thanks,

Your well wisher

Labels (2)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-05-2023 11:32 PM

Hi

here is link how to move index database to the nee location https://docs.splunk.com/Documentation/Splunk/9.1.1/Indexer/Moveanindex

When I need to move db to the new node I have followed this https://community.splunk.com/t5/Installation/How-to-migrate-indexes-to-new-indexer-instance/m-p/5280... That was for linux node, but you can do same procedure with windows with small changes to used commands.

  1. Copy data + configurations to correct place
    1. As you are moving SPLUNK_DB to a new directory,  you must update correct parameters (see docs link)
  2. Install fresh splunk (same version than in old node)
  3. Start splunk
  4. Check that all is ok
  5. Update to the latest/needed version

r. Ismo

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...