I'd like to change my Splunk server to a different Linux distribution, from Fedora to CentOS. Indexer, search head and Splunk Web are all running off of one single server for now. If I give the new Splunk server the same IP as the existing server after shutting down the old server, do I need to do any reconfiguration of all my Splunk forwarders?
Correct; as long as your new server has the same IP address (or hostname, depending on what you had in your configuration files, e.g. outputs.conf), everything will work just fine. Since you are going back and "getting things right", you should make sure that you set up both a Deployment Server and a Management Console, too.
Are the forwarders' outputs.conf by IP or server name?
It is by IP
Will ask the community to verify, but I think you will be fine.
I believe they should be fine. Is your standalone instance a Deployment server as well?
Forwarder management was never configured on this instance. All the apps and forwarders were manually deployed and configured from each host.
So, as long as the new standalone server has the same network configuration (IP, firewall rule/CNAME, etc., if any), this should work just fine.
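The check the thread keeps coming back to (is each forwarder's outputs.conf pointing at the server by IP or by name?) can be scripted across hosts. This is an added example, not code from any poster; the sample file, addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of a forwarder's outputs.conf (not taken from the thread).
SAMPLE = """\
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
server = 10.0.0.5:9997, splunk01.example.com:9997

[tcpout-server://10.0.0.5:9997]
"""

def split_host_port(target):
    """Split 'host:port' or '[ipv6]:port' into (host, port or None)."""
    m = re.fullmatch(r"\[([^\]]+)\](?::(\d+))?", target)
    if m:
        return m.group(1), m.group(2)
    host, sep, port = target.rpartition(":")
    return (host, port) if sep and port.isdigit() else (target, None)

def classify(host):
    """Return 'ip' for a literal address, 'hostname' for anything else."""
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        return "hostname"

def forwarding_targets(conf_text):
    """Every receiver named in tcpout stanzas, as sorted (host, port, kind)."""
    found, stanza = set(), ""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1]
            if stanza.startswith("tcpout-server://"):
                found.add(split_host_port(stanza[len("tcpout-server://"):]))
            continue
        key, _, value = line.partition("=")
        if key.strip() == "server" and stanza.startswith("tcpout:"):
            found.update(split_host_port(t.strip()) for t in value.split(",") if t.strip())
    return [(h, p, classify(h)) for h, p in sorted(found, key=lambda t: (t[0], t[1] or ""))]

def needs_change(conf_text, kept_ip, kept_names=()):
    """Targets that will not follow the move: neither the kept IP nor a kept name."""
    return [t for t in forwarding_targets(conf_text) if t[0] not in {kept_ip, *kept_names}]
```

An empty result from `needs_change` for a forwarder means its outputs.conf needs no edit after the swap; any hostname it returns depends on DNS or a CNAME still resolving to the new server.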