I have a situation where we're rolling out a new Splunk deployment on replacement hardware, and I want to start with a fresh install of Splunk, sans many of the no-longer-needed hacks that the previous instance is riddled with throughout its configuration. This means I will not be migrating over the entire $SPLUNK_HOME directory, so far only user information and saved searches, which I already know how to do.
Regarding the migration of indexes, I found the following thread:
https://answers.splunk.com/answers/3516/how-do-i-migrate-my-splunk-data-to-a-new-machine.html
The answers for which state that only the defaultdb folder need be copied over to successfully migrate the main index from one instance to another. However, this information was in reference to 4.0.1/4.1.3, and I am wondering - is it still accurate? The var/lib/splunk directories seem to differ quite considerably between our two instances at the moment, which is what gives me pause.