Hi
I have free splunk instance in my lap top and I wan to migrate the database, index, dashboard, etc to one server with splunk enterprise
Regards
Splunk configuration (and buckets) are relatively portable.
Personally, I would:
1.) install a fresh copy of the the SAME version of splunk on your target server.
2.) Run through FTR, set passwords, ports etc.
3.) STOP Splunk on your new server
4.) STOP splunk on your laptop
5.) Copy the contents of $SPLUNK_HOME/etc/apps to your new server
6.) Copy the contents of $SPLUNK_HOME/var/lib/splunk to your new server
7.) REVIEW any changes you have made to the system settings (found in $SPLUNK_HOME/etc/system/local/*.conf) and CONSIDER coping them too.
8.) Start Splunk on the server and check all your data/config/apps and dashboards are as you expect.
You should also copy splunk.secret
from the old server BEFORE you start the new server's splunk the first time.
You may want to also make sure you copy $SPLUNKHOME/etc/users -- this will bring in dashboards and settings that are defined with user scope.
Regarding indexes - you may not want to bring the splunk internal indexes - and only the ones with your onboarded data (assuming you don't want the internal indexes)
Hi, the splunk services don´t running
Can you paste the last 30 lines from Splunkd.log