Since this is a distributed environment, I think the best approach here would be as follows:

1. Migrate your management nodes first, like Cluster Manager, SHC Deployer, Deployment Server, etc.
2. Migrate the search tier
3. Migrate indexers

Now the question is how do you achieve this with little to no downtime?

For CM:

- Set up new RHEL 9 machines
- Backup
- Set up Splunk on the new machine
- Copy/merge the "/system/local" and "etc/manager-apps" directories to the new machine
- Restart Splunk
- Update the DNS or IP. An easier way would be to detach the DNS/IP of the older CM and attach it to the new CM.
- Once the DNS/IP is updated, your old indexers should start reporting to the new CM

For Indexers:

- Set up new RHEL 9 machines
- Now for example if you have 6 IDXs in your old cluster, then spawn 6 new machines in RHEL version
- Set up Splunk on the new machines
- Ensure all the machines are part of one cluster (i.e. both the older indexers and the new ones)
- Start decommissioning the old indexers one at a time. This will migrate the copy to the remaining IDXs: https://docs.splunk.com/Documentation/Splunk/9.2.1/Indexer/Takeapeeroffline
- Rebalance the data if needed.

This way you won't have any downtime on data ingestion or searching.

For SH:

- Set up new RHEL 9 machine
- Backup
- Set up Splunk on the new machine
- Copy/merge the "/system/local" and "etc/apps" directories to the new machine
- Restart Splunk
- Update the DNS or IP. An easier way would be to detach the DNS/IP of the older SH and attach it to the new SH.
- (Optional) Ensure you are able to search the data as a part of sanity checks

Another approach is mentioned in this Splunk Docs which will be tedious and would require downtime and a lot of manual work:

Please let me know if you have any concerns.
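The backup and copy/merge steps in the answer above can be checked before the DNS/IP is switched. The following is an added example, not part of the original post and not Splunk tooling: it archives the configuration directories the post names with owner-only permissions and compares per-file SHA-256 hashes between the old and new trees. The function names, the `CONFIG_DIRS` variable and the assumption that the paths sit under `$SPLUNK_HOME/etc` are illustrative; set `CONFIG_DIRS="etc/system/local etc/apps"` for a search head.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not Splunk tooling).
# Directories are relative to SPLUNK_HOME; the defaults are the two the post names for the CM.
CONFIG_DIRS=${CONFIG_DIRS:-"etc/system/local etc/manager-apps"}

# Print "sha256  relative/path" for every file under CONFIG_DIRS, sorted by path.
splunk_manifest() {
    ( cd "$1" || exit 1
      for d in $CONFIG_DIRS; do
          if [ -d "$d" ]; then find "$d" -type f -print; fi
      done | LC_ALL=C sort | while IFS= read -r f; do
          sha256sum "$f"
      done )
}

# Archive CONFIG_DIRS from SPLUNK_HOME ($1) into tarball ($2).
# umask 077 keeps the archive owner-only, since these .conf files can hold secrets.
splunk_backup() {
    ( umask 077
      dirs=""
      for d in $CONFIG_DIRS; do
          if [ -d "$1/$d" ]; then dirs="$dirs $d"; fi
      done
      [ -n "$dirs" ] || { echo "no config directories under $1" >&2; exit 1; }
      # $dirs is deliberately unquoted so each directory becomes its own argument
      tar -C "$1" -czf "$2" $dirs )
}

# Return 0 if both trees hold identical files; otherwise print the
# manifest lines that appear on only one side and return 1.
splunk_compare() {
    old=$(splunk_manifest "$1") || return 2
    new=$(splunk_manifest "$2") || return 2
    if [ "$old" = "$new" ]; then return 0; fi
    printf '%s\n%s\n' "$old" "$new" | LC_ALL=C sort | uniq -u
    return 1
}

# Usage: sh splunk_cfg_check.sh backup  /opt/splunk /secure/cm-config.tgz
#        sh splunk_cfg_check.sh compare /mnt/old-splunk /opt/splunk
case "${1:-}" in
    backup)  splunk_backup "$2" "$3" ;;
    compare) splunk_compare "$2" "$3" ;;
esac
```

After a deliberate merge the compare step is expected to list differences; the output is the set of files to review before restarting Splunk on the new machine.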