Splunk Enterprise

Splunk Host Migration [Linux]

n3wbi3
Loves-to-Learn Lots

I have a fairly common Splunk deployment, 1 SH, 1 DS and two Indexers.

I want to upgrade from one Linux distro to another.

Any experiences? I only have this 

https://docs.splunk.com/Documentation/Splunk/9.1.4/Installation/MigrateaSplunkinstance

A documnetation which is certainly lacking!

Labels (3)
0 Karma

plymalebl
Explorer

Essentially if the only change is OS it should be fairly easy to migrate. Ensure the new systems have the same IP or Hostnames depending on whether you use names or IPs in the configs. Ensure the splunk user and group are created on the new servers, follow instructions for installing by tar file. Stop the current servers, tar up the /opt/splunk folder and any data store folder. Then untar them onto the new boxes. 

0 Karma

PickleRick
SplunkTrust
SplunkTrust

The docs aren't half-bad. They just assume you more or less know what you're doing and understand how Splunk works "underneath" (otherwise, you shouldn't touch stuff so that you don't break anything).

There is also the question of what you want to move Splunk to another machine which replaces the old onw (leave the same hostname, IP addresses, certs and so on) or do you want to move data to completely new instance.

Both of those scenarios are covered in the document you linked to.

But.

They might not account for everything that is happening in _your_ instalalation. For example, you might be storing TLS material outside $SPLUNK_HOME and just moving your $SPLUNK_HOME would lose those keys/certs.

So you need to check for stuff like that and noone can tell you in advance what it is. You have to know your environment.

 

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Casting Call: Compete in Cyber Games

Lights, Camera, SecOps: Apply to Compete in Cyber Games     Think you have what it takes to beat the clock? ...

Data Management Digest – June 2026

Welcome to the June 2026 edition of Data Management Digest! This month’s update is short and sweet, with a ...

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...