Hi @PickleRick, Thank you so much for your help...Please find the comments inline: 1. I assume (never used it myself) that Amazon Linux is also an RPM-based distro and you'll be installing Splunk...
See more...
Hi @PickleRick, Thank you so much for your help...Please find the comments inline: 1. I assume (never used it myself) that Amazon Linux is also an RPM-based distro and you'll be installing Splunk the same way it was installed before. Yes, Amazon Linux natively supports RPM package installer 2. Remember to shut down Splunk service before moving the data. And of course don't start the new instance before you copy the data. Got it. 3. I'm not sure why you want to snapshot the volumes. For backup in case you need to roll back? Yes, correct..in case there is a need to rollback 4. You might have other dependencies lying around, not included in $SPLUNK_HOME - for example certificates. In our case, the ssl certificates are deployed under /opt/splunk/etc/certs/ as the ssl offloading is directly on the server and there is no loadbalancer or proxy in the front. Can you think of anything else that may deployed outside of /opt/splunk 5. If you move whole filesystems between server instances the UIDs and GIDs might not match and you might need to fix your accesses. Can we recursively chown the files on the new server after migration to ensure correct ownership, hope that should take care of it sudo chown -R splunk:splunk /opt/splunk Oh, and most importantly - I didn't notice that at first - DON'T UPGRADE AND MOVE AT THE SAME TIME! Either upgrade and then do the move to the same version on a new server or move to the same 8.x you have now and then upgrade on the new server. Sure I prefer doing the latter, but the older version of Splunk Enterprise 8.2.2.1 does not support Amazon Linux.