Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Moving Splunk from one computer to another

profileaudio
New Member
‎07-22-2011 11:52 PM

Can you point me in the right direction.
My existing database must be retained on migration to another machine.
I am running 4.2.2 on Max OSX Lion

Cheers,

Paul

Tags (2)
0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎10-22-2012 03:34 PM

If you are on windows to windows (32bit to 64 or 64bit to 64bit)

Here are the steps :

  • Stop the old instance, stop the new instance
  • redirect the forwarder to the new instance (or not if you use the same ip/uri)
  • backup the full $SPLUNK_HOME\etc\folder
  • move to the equivalent folder the auth and ssh keys : $SPLUNK_HOME\etc\auth (that also contains the secret key for password encryption) the user password : $SPLUNK_HOME\etc\passwd the apps $SPLUNK_HOME\etc\apps\ the local configuration $SPLUNK_HOME\etc\system\local ( eventually modify the server.conf and inputs.conf from ...\etc\system\local that contain the hold hostname ) the users folders$SPLUNK_HOME\etc\users
  • on the original move the indexes check in indexes.conf to see the path of all your indexes, the default is using a dynamic path $SPLUNK_HOME\var\lib\splunk\

If they are hard coded as c:\program files\splunk\var\lib\splunk\... then change them to the new location
- double check the permissions on the files.
- restart the new indexer and verify that all is working, and searchable

0 Karma
Reply

aholzer
Motivator
‎09-14-2012 06:07 AM

The easiest way to do it would be as follows:
1) run ./$SPLUNK_HOME/bin/splunk stop
2) Find your indexes.conf where you define where to save your indexes (could be in etc/apps, or etc/system/local). Zip all the db related files that you find in the directories defined in your indexes.conf.
3) Zip your $SPLUNK_HOME directory.
4) Port over both zips to the new box, and unzip them.
5) Make sure you run a search for any metadata files containing the name / ip of the old server.
6) run ./$SPLUNK_HOME/bin/splunk start.

I used this method to upgrade a number of forwarders to include certain basic configurations, and to port over the databases from one location in a shared drive, to a different one.

Hope this helps.

Reply

aholzer
Motivator
‎09-14-2012 06:44 AM

Maybe I just misunderstood you. As long as you defined the paths in your configurations, and you include in your zip all of the contents inside your $SPLUNK_HOME, then all configuration files will move along with your splunk installation. Therefore pointing to the same places that your old server was pointing to, no matter what type of splunk you are porting.

0 Karma
Reply

aholzer
Motivator
‎09-14-2012 06:40 AM

I thought you were talking about an indexer (hence your database question). If you are talking about a forwarder then yes, you will have to update the monitoring path inside of the inputs.conf file, unless of course your new machine has the exact same directory structure.

0 Karma
Reply

HXCaine
Path Finder
‎09-14-2012 06:31 AM

What about hard-coded paths? E.g. for directory data inputs

0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎07-23-2011 01:34 PM

http://www.splunk.com/wiki/Deploy:Migrating_a_Splunk_Install

Reply

HXCaine
Path Finder
‎09-14-2012 04:09 AM

This is a bad guide. It only contains tips, but it doesn't say anywhere which directories should be moved.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...