I will be moving an existing Splunk installation (and all the data, inputs and customizations, etc) over to a new server (Linux to Linux) and from what I gathered from all the documentation, the process would be this:
Is this the entire process for a Linux to Linux server migration? I just need clarification because there are conflicting pieces of advice on whether you copy the files over first and then install Splunk on top, or install Splunk first and then copy the files over the new installation.
Please advise.
Depends on the version numbers. In theory, you can do this:
However, if this is also your indexer, you may have to wait a looong time to transfer the indexes.
Latest and greatest version - 5.0.4
And yes, this is the indexer. I'm looking at applying retention rules to the indexes before migration to hopefully reduce db sizes.