Migrating/Copying lookup file from an existing Sea...

Splunk Search

We are trying to create a new Enterprise Security Search head cluster (with latest ES version ), Whats the best way to migrate/copy the lookup files from apps on an exisiting Search head cluster to the new Search head cluster on 7.3.0 version.

1) Copy over the lookups from existing Search head cluster members to the new deployer app's lookup directory and apply the shcluster-bundle ?
2) Stop all the new SHC members and scp the lookup files on to the SHs directly with out using deployer ?

Kindly advise the best possible method to achieve this.

Get Updates on the Splunk Community!

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor. HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members! The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...