Thanks Giuseppe. Let me check where are the alerts and reports configured and let me move that file now.

SH1 has 8 indexes out of which 1 is a major index say IDX_imp for the customer.
So they decided to bring SH2 which will be dedicated for IDX_imp and rest 7 will be on the same SH1
Both the SHs have same search peers and License Master.
Having said this I have copied the app from SH1 to SH2 and there I got all the 8 indexes mapped where excpet for the IDX_imp I disabled all other indexers from SH2.

Now only thing left to be done is migrate the alerts and reports configured for IDX_Imp to SH2 then I can disable that one index from SH1.

Hope my idea will be more clearer now.

Thanks.
Vikram.

Only one question: are alerts and reports you have to migrate at least in one of your apps or not?
If you created reports and alerts within an App, when you copy this App you copy all reports and alerts, you don't need to copy other, savedsearches.conf is in the local folder of your app and is copied with your app.

So you should verify if all your objects (reports, alerts, fields, ...) are shared at App level, in other words if they are in your Apps, if not you have to share them in an App and then copy again this App.
In this way you're sure that copying an App you'll copy all you need.

About the need to disable indexes on a SH, you configure a SH to search on one or more search peers, in this way you see all the indexes of the configured Indexers, you can restrict access to indexes using roles.

Bye.
Giuseppe

SH1 has 8 indexes out of which 1 is a major index say IDX_imp for the customer.
So they decided to bring SH2 which will be dedicated for IDX_imp and rest 7 will be on the same SH1
Both the SHs have same search peers and License Master.
Having said this I have copied the app from SH1 to SH2 and there I got all the 8 indexes mapped where excpet for the IDX_imp I disabled all other indexers from SH2.

Now only thing left to be done is migrate the alerts and reports configured for IDX_Imp to SH2 then I can disable that one index from SH1.

Hope my idea will be more clearer now.

Thanks.
Vikram.

Thanks cusello this was helpful. I did scp for the app from old SH to new SH thus indexes are able to get migrated.

But in new SH I am unable to see reports and alerts for the indexes on old SH. Some where I read we can get this done from savedsearches.conf file. Please suggest where can I find this file or is there any other way I can get the saved reports, alerts and dashboards migrated.

Lastly I need to filterout only those searches which are configured on particualr index and not entire searches.

Thanks again for your intrest in replying.

Sorry but I don't understand your requisite: you have two Search Heads (the New and the Old) that access to one or more Indexers as search peers, correct?
Why you speak to migrate indexes? on the Search Heads there isn't any index so you don't have any index to migrate!
You have only to configure the new Search Head to see the same indexers of the Old one and copy Apps.
Eventually, if in your searches there isn't any explained indexes (index=your_index) there could be a path problem: in the new Search Head, you have to replicate the roles of the Old one.

Bye.
Giuseppe

You should be able to view this from settings > Searches, reports, and alerts from the GUI. Select the App Context and Owner. If you are unsure of this context or owner just sleect "All" and "any" for owner. If you still can't see your saved searches this could suggest an issue with permissions possibly.

savedsearches.conf can be found within each app. For example, if I had saved searches within the 'search' app context I could find them under $SPLUNK_HOME/etc/apps/search/local/savedsearches.conf.

Hope this helps.