I have a distributed 6.2.3 setup with a single Search head , an Indexer cluster and a single Heavy Forwarder . This environment is pretty "dirty" (it's in a lab for testing so it gets abused) so I have built new 6.2.3 (have to stay on this version) servers and want to copy the configuration from the dirty environment to the new environment. Basically I want server settings, licensing, authentication, clustering, distributed search... I don't care about apps and add-ons, indexes, saved searches, etc.
I recognize in copying some of the files that edits may be necessary, for example, IPs and hostnames will be different.
Is this feasible, reasonable, or am I going about this wrong? If this is the way to go, I'm not sure what files need to be copied... don't want all of $SPLUNK_HOME/etc .
Your feedback and assistance is appreciated.
Thanks.
... View more