I have inherited a HF running on a Linux server collecting data from several cloud sources using the inputs from below TAs, that need to be moved to a newly built Linux server (no Splunk version upgrades).
Can you please recommend any procedures and best practices to make sure there is no data duplication ?
Thinking of the below ways, will any of these work and which is better ?
a. Stop Splunk on old host and copy Splunk directory to new host. b. Change the splunk server/instance name to match the new host. c. Start splunk on the new host.
2. Install fresh Splunk on new host, and configure TAs, is there a way to move any checkpoints (or something similar to fishbuckets ? ) from the old HF, so that the TAs pull data from where it was stopped on the existing HF ?