I have a need to capture all of the Splunk work that I've done on one machine and move it to another machine. It's dev to dev, not an official deployment.
I tried copying the C:\Program Files\Splunk\etc\apps\search\local directory to the new machine, but the Dashboard & Views dropdown was the old one.
I also tried to copy $SPLUNK_HOME, but it did not get all of the files.
Any ideas on how to do this would be appreciated. The simpler, the better.
Thanks
Thanks.
There is a wiki article about this: Migrating a Splunk Install
But if the underlying operating system is the same, you can just copy the installation.
For example, in Linux, assuming that $SPLUNK_HOME
is /opt/splunk' and you are running as the user
splunkIT`
# on the current machine
su splunkIT
cd /opt/splunk/bin
./splunk stop
cd /opt
tar -czf splunk.tgz splunk
# on the new machine (assumes that user splunkIT exists there as well)
# copy the splunk.tgz to /opt using any method, and
# make sure that splunk.tgz is owned by splunkIT
su splunkIT
cd /opt
tar -xzf splunk.tgz
cd splunk/bin
./splunk start
Note that this assumes that the Splunk indexes are also stored beneath the /opt/splunk
directory. If they are not, you will have go through similar steps to copy them as well.
I closed the browser and restarted splunk.exe restart from the command line. The menu items now appear.