Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Multiple Splunk indexer with same $SPLUNK_DB location

sujoybose77
Explorer
‎07-27-2019 03:48 AM

Hi,
I have $SPLUNK_DB set up in a NAS storage. But the indexer is installed in a VM (say VM1) running on splunk version 6.3.4.
Now I want to migrate the indexers to another VM (VM2) with newer splunk version 6.6.12 keeping the same NAS location as $SPLUNK_DB.
Is it possible? I have heard that no two indexer will see each other's indexed files. Is that true?
In that case what approach I can take to migrate my indexer?

0 Karma
Reply

woodcock
Esteemed Legend
‎07-28-2019 05:48 AM

Why would you do this? Working with VMs makes this kind of thing easy so you should not need 2 indexers at the same time. Your forwarders can buffer events for the short time that it would take to upgrade your VM/splunk and have it come back up. You are overcomplicating your situation.

0 Karma
Reply

sujoybose77
Explorer
‎07-29-2019 12:08 PM

Woodcock, We have organization limitations on VM storage that's not enough to hold large amount of indexed data

0 Karma
Reply

woodcock
Esteemed Legend
‎07-29-2019 01:58 PM

You need to clarify your question. It doesn't make sense to me.

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...