Splunk ITSI
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Migrating Splunk ITSI Content packs to Splunk Cloud

AMAN0113
Explorer
‎09-21-2023 07:06 PM

Hi, 
We have a requirement to migrate ITSI Content packs to Splunk Cloud. Is it possible to achieve this?
If yes, Could you please help with the list of steps to perform for this?
I would also want to know what are the risks involved.

Labels (1)
Labels
0 Karma
Reply

lperini_splunk
Splunk Employee
Splunk Employee
‎12-20-2023 01:42 AM

If you have already deployed the CP into services/kpis/correlation searches, neaps, etc, it means they would be existing objects into your ITSI. You can take a ITSI Backup from this environment and restore into another deployment (like cloud for example) and check the objects there. Just make sure to adjust the inputs and make sure the lookups and indexes would be there too

0 Karma
Reply

srauhala_splunk
Splunk Employee
Splunk Employee
‎11-10-2023 06:06 AM

Hi @AMAN0113 

I would consider not migration the content pack but rater do a fresh install in Splunk Cloud.

Is the reason that you want to migrate that you have made changes to the content pack? If so try to identify the components needed for your solution to work, and consider migration them with a ITSI backup in combination with a private app holding all your custom *.conf configurations. Note! This can be a bit picky and you will need to identify all lookup / kv-stores / macros etc that will need to be migrated and have them available before restoring the backup. And of course Cloud and on prem-need to be on the same version. 

Do not restore a full backup to Splunk cloud or any other environment. Full backups contains entities, services, episodes and stuff that should be generated by source data.  

/Seb

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...