Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to migrate local summary index on standalone search head to a clustered environment on indexers?

96nick
Communicator
‎10-02-2020 08:41 AM

Hey all, just need a sanity check:

I would like to migrate a summary index located on a standalone search head to a clustered index on my indexers. This was found after setting up the monitoring console in distributed mode and running a health check.

How would I do this? I have a feeling that a scp of the local indexed data to a indexer wouldn't replicate the data evenly (unless Splunk figures this out and does some magic). An idea I had was to push a new index via the CM and change the reports to use this newly-pushed index, although that would require some dashboard modifications since this summary index is used in our email dashboard, and the old data would just be sitting there and I'd like to have as few indexes out there as possible to follow best practices.

I had a couple steps written down to do, but I'd like to get a confirmation before I give it a go:

  1. Create new index (with new name) on CM and push to indexers
  2. Stop local summary index on SH

...

Thanks for your help!

Labels (2)
Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...