Hello everybody,

I am upgrading Splunk Enterprise from 7.3.X to 8.2.5 (Windows). Due to compatibility, I also need a more recent Windows version on my hosts to support Splunk. Therefore, I'm gonna use a new host for each server.

The architecture includes:

- 1 cluster master
- 1 deployment server
- 1 search head
- 2 indexers (cluster)
- 1 poller (heavy forwarder)
- n universal forwarders

I've found HERE how to migrate a Splunk Enterprise instance from one physical machine to another. Can anybody confirm the following procedure for me?

- Stop Splunk Enterprise services on the host from which I want to migrate
- Roll any hot buckets on the source host from hot to warm
- Copy the entire contents of the $SPLUNK_HOME directory and all the directories containing buckets from the old host to the new one
- Turn off the old host
- Configure the new host to have the same IP address and hostname as the old host. This avoids having to redirect forwarders to the new instance
- Install Splunk Enterprise 7.3.X on the new host
- Verify that the index configuration (indexes.conf) file's volume, sizing, and path settings are still valid on the new host
- Start Splunk Enterprise on the new instance
- Log into Splunk Enterprise and confirm that your data is intact by searching it
- Upgrade from 7.3.X to 8.1.X and then to 8.2.5

Should I apply these steps to every host? What about the two indexers? I'm gonna need to migrate data, what's the correct procedure?

Also, I'm afraid that the new installation would reingest data from the poller. Should I do something to prevent it?

Last thing: I'm gonna probably need to change the IP of one indexer. When should I change its configurations?

Thanks in advance for any help.
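For the indexes.conf verification step in the list above, a pre-start check run on the new host could look like this. It is an added example, not part of the original post and not Splunk code; the function names and the sample configuration in `demo()` are constructed for illustration.

```python
import os, re, tempfile
PATH_KEYS = ("homePath", "coldPath", "thawedPath")

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def resolve(value, index, volumes, splunk_db):
    """Expand $_index_name, $SPLUNK_DB and volume:<name> references."""
    value = value.replace("$_index_name", index).replace("$SPLUNK_DB", splunk_db)
    m = re.match(r"volume:([^/\\]+)[/\\]?(.*)", value)
    if not m:
        return value
    return os.path.join(volumes[m.group(1)], m.group(2)) if m.group(1) in volumes else None

def check_index_paths(conf_text, splunk_db):
    """Return (index, setting, missing path or 'undefined volume') per unusable path."""
    stanzas = parse_conf(conf_text)
    volumes = {n[7:]: s["path"] for n, s in stanzas.items()
               if n.startswith("volume:") and "path" in s}
    problems = []
    for name, settings in stanzas.items():
        if name.startswith("volume:") or name == "default":
            continue
        for key in PATH_KEYS:
            if key in settings:
                path = resolve(settings[key], name, volumes, splunk_db)
                if path is None or not os.path.isdir(path):
                    problems.append((name, key, path if path is not None else "undefined volume"))
    return problems

def demo():  # constructed layout: 'main' lacks thaweddb, 'web' names an undefined volume
    root = tempfile.mkdtemp()
    for d in ("db/main/db", "db/main/colddb", "fast/web/db"):
        os.makedirs(os.path.join(root, d))
    conf = ("[volume:hot]\npath = %s/fast\n[main]\nhomePath = $SPLUNK_DB/main/db\n"
            "coldPath = $SPLUNK_DB/main/colddb\nthawedPath = $SPLUNK_DB/main/thaweddb\n"
            "[web]\nhomePath = volume:hot/$_index_name/db\n"
            "coldPath = volume:cold/web/colddb\n") % root
    return check_index_paths(conf, os.path.join(root, "db"))
```

On a real host, pass the text of the copied indexes.conf and the new host's index storage root to `check_index_paths` before starting Splunk Enterprise; an empty list means every configured bucket path exists.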