I am facing problems with restoring Splunk.
I require the searches, indexed data and users created on one installation of Splunk to reflect on a fresh installation of Splunk.
The steps I followed are:
For restoring data, I copied the “defaultdb” folder from Splunk/var/lib/splunk/defaultdb; the “search” folder from Splunk/etc/apps; and the “users” folder from Splunk/etc after stopping the Splunk services.
Then, after stopping the Splunk services on the fresh installation, I replaced the existing “users” and “search” folders with the ones I had copied. But the saved searches and users did not reflect in Splunk.
Also, when I replaced defaultdb (after stopping the Splunk services) in the fresh installation, Splunk did not start and it says that splunkd started and then stopped.
Let me know where I am making a mistake and how to correct it. I need it urgently.