Splunk ITSI

Migrating Splunk ITSI Content packs to Splunk Cloud

AMAN0113
Explorer

Hi, 
We have a requirement to migrate ITSI Content packs to Splunk Cloud. Is it possible to achieve this?
If yes, Could you please help with the list of steps to perform for this?
I would also want to know what are the risks involved.

Labels (1)
0 Karma

lperini_splunk
Splunk Employee
Splunk Employee

If you have already deployed the CP into services/kpis/correlation searches, neaps, etc, it means they would be existing objects into your ITSI. You can take a ITSI Backup from this environment and restore into another deployment (like cloud for example) and check the objects there. Just make sure to adjust the inputs and make sure the lookups and indexes would be there too

0 Karma

srauhala_splunk
Splunk Employee
Splunk Employee

Hi @AMAN0113 

I would consider not migration the content pack but rater do a fresh install in Splunk Cloud.

Is the reason that you want to migrate that you have made changes to the content pack? If so try to identify the components needed for your solution to work, and consider migration them with a ITSI backup in combination with a private app holding all your custom *.conf configurations. Note! This can be a bit picky and you will need to identify all lookup / kv-stores / macros etc that will need to be migrated and have them available before restoring the backup. And of course Cloud and on prem-need to be on the same version. 

Do not restore a full backup to Splunk cloud or any other environment. Full backups contains entities, services, episodes and stuff that should be generated by source data.  

/Seb

Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...