Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is there a concise guide for migrating an ITSI search head to a search head cluster?

csprice
Path Finder
‎04-26-2017 05:49 AM

I looked at the install guide for ITSI into a SHC as well as a doc for migrating from a single search head to a SHC. However, trying to parse together the steps and being successful has been problematic.

I've searched a ton and been unable to find a doc that addresses this specific use case. It doesn't seem like it would be a unique scenario. Can anyone point me to a guide for accomplishing this migration?

Thank you,

Steve

Labels (1)
Labels
Tags (3)
Reply

jcrabb_splunk
Splunk Employee
Splunk Employee
‎04-26-2017 07:30 AM

I reached out to one of the SME's for this product and they stated that there isn't a document which covers the process. It is typically handled by Professional Services due to the complexity which includes migrating the KVStore.

Jacob
Sr. Technical Support Engineer
0 Karma
Reply

paulstout
Path Finder
‎04-26-2017 05:59 AM

csprice, we are actively looking to migrate this scenario as well and running into similar challenges. We've engaged Splunk support/PS to help; I'll be happy to let you know what we find out! If you learn anything new in the meantime, can you please let me know?

Thank you!

0 Karma
Reply

csprice
Path Finder
‎04-26-2017 08:34 AM

Alright, I've had some limited success with regard to this issue.

The steps I've completed are as follows:
- build the SHC (this is the easy part)
- ensured /local configurations were maintained across original and new (authentication, authorization, etc)
- used the process detailed here: http://docs.splunk.com/Documentation/Splunk/6.5.2/DistSearch/Migratefromstandalonesearchheads This got some of the config across, but my KPI's weren't appearing
- finally used: https://docs.splunk.com/Documentation/ITSI/2.6.0/Configure/kvstore_to_json.pyoperations (this, as noted by the name, allows you to backup the kvstore and move it to the new cluster)

I'm still fighting a couple things (glass tables are not showing up on the new cluster) but I'm close. Hopefully this gives someone a point in the right direction.

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...