We've recently combined with another company that had a Splunk installation (B), just one server collecting network device info into the main index. We have a Splunk installation (A) which has multiple indexes, including one for networking. I'd like to take all the data from the main index on B and move it into the networking index on A.
Both machines are Windows 2012 R2. Those network devices that were reporting to instance B have been redirected to instance A so server B is receiving no new data.
I attempted moving the db_*
folders from ./main/db on server B to the index named networking on server A and restarted the splunkd service, but still cannot search this data.
I've searched Splunk Answers and found many topics about moving to another index of the same name, but not to an index with a different name. Any help you can provide would be much appreciated.
Yes, we are licensed for 10gb a day and only hitting about 7. I'm not sure what you mean by re-indexing the data. How can I accomplish that?
do you have enough license? if yes, just reindex the data over a weekend again would be simpler
Have a look here please and see if that's what you are looking for:
Do I need to check for conflicts outside of the index I'm trying to place the db folders in? If not, then yes I checked for conflicts.
I've copied the db_ folders into the index networking but still cannot search the data.
Did u check if there were any bucket id conflicts which the link talks about which needed to be renamed on movement.?
I've copied the db_* folders from db into the index networking on server A but still cannot search the data.