Solved: How to migrate search app content from an old Splu...

Raghav2384 · ‎08-03-2015

Experts,

We have a Splunk instance which is 3 years old and need to migrate the content to new search head cluster. We have pushed all the custom apps through the deployer. Questions is, how to push the old search app's content to the new search head cluster members using the deployer? I know we have to create a TA in the shcluster/apps directory, but it for some reason, it doesn't like to push the search app. Also, what's the best way to deploy /etc/users/ from the old standalone Splunk search head to the new SHC using the deployer? Just copy all the user directories and place them under /shclusters/users/? This deploying search content is a little confusing to me.

Thanks in advance,
Raghav

hgrow · ‎08-04-2015

Hi Raghav,

if you havn't read it already this might help you:

http://docs.splunk.com/Documentation/Splunk/6.2.4/DistSearch/Migratefromstandalonesearchheads

Greetings

View solution in original post

hgrow · ‎08-04-2015

Hi Raghav,

if you havn't read it already this might help you:

http://docs.splunk.com/Documentation/Splunk/6.2.4/DistSearch/Migratefromstandalonesearchheads

Greetings

Raghav2384 · ‎08-05-2015

Hi @hgrow,

Thank you for your reply. I did go through the documentation. I learnt that search app has be renamed before pushing to the shc and leave local/* out of it.

Thank you for your time

How to migrate search app content from an old Splunk instance to new search head cluster members using the deployer?

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector