I have gone thru multiple answers and also splunk documentation about migrating from standalone search head to SHC but my usecase is bit different.
We want to deploy splunk enterprise service in AWS and as part of it, we create a SHC with say 5 search heads. Upon requirement of OS upgrade or splunk vesion upgrade, we want to spawn 5 totally new EC2 instances to form new SHC with new AMI that has the upgrades.
How do we copy old SHC data/settings(search artifacts - dashboards, saved searches etc) to the new one? What is the best way to achieve this?
if you are doing Splunk update at same time only to the new environment then you should do this like docs said for SH to SHC migration. But if you are doing first the migration and then update then another option is first migrate deployer and then stretch the current shc with the new nodes and then remove old ones. Of course this needs ip connection between onsite and Aws. r. Ismo
For new deployment, we will have new AMI baked with OS/Splunk Upgrade and create EC2 instances with this AMI. We will have a new deployer and new SHC in this case. But how can we copy the settings/data from old SHC to new SHC?
Basically export all wanted apps (e.g. Splunk package app <app name> for all apps one by one) then copy those to the new deployer. If there are something in kvstore that may be copied separate? Then stop old one, copy user settings/data to the new deployer and deploy all to the new. Then it should work and contain all data from old shc. r. Ismo