Splunk ITSI

Migrating Splunk ITSI Content packs to Splunk Cloud

AMAN0113
Explorer

Hi, 
We have a requirement to migrate ITSI Content packs to Splunk Cloud. Is it possible to achieve this?
If yes, Could you please help with the list of steps to perform for this?
I would also want to know what are the risks involved.

Labels (1)
0 Karma

lperini_splunk
Splunk Employee
Splunk Employee

If you have already deployed the CP into services/kpis/correlation searches, neaps, etc, it means they would be existing objects into your ITSI. You can take a ITSI Backup from this environment and restore into another deployment (like cloud for example) and check the objects there. Just make sure to adjust the inputs and make sure the lookups and indexes would be there too

0 Karma

srauhala_splunk
Splunk Employee
Splunk Employee

Hi @AMAN0113 

I would consider not migration the content pack but rater do a fresh install in Splunk Cloud.

Is the reason that you want to migrate that you have made changes to the content pack? If so try to identify the components needed for your solution to work, and consider migration them with a ITSI backup in combination with a private app holding all your custom *.conf configurations. Note! This can be a bit picky and you will need to identify all lookup / kv-stores / macros etc that will need to be migrated and have them available before restoring the backup. And of course Cloud and on prem-need to be on the same version. 

Do not restore a full backup to Splunk cloud or any other environment. Full backups contains entities, services, episodes and stuff that should be generated by source data.  

/Seb

Get Updates on the Splunk Community!

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...

Splunk Classroom Chronicles: Training Tales and Testimonials

Welcome to the "Splunk Classroom Chronicles" series, created to help curious, career-minded learners get ...

Access Tokens Page - New & Improved

Splunk Observability Cloud recently launched an improved design for the access tokens page for better ...