- Splunk Answers
- :
- Splunk Administration
- :
- Installation
- :
- Re: How to migrate data from the "main" index on S...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to migrate data from the "main" index on Splunk server B to an index named "networking" on Splunk server A?
We've recently combined with another company that had a Splunk installation (B), just one server collecting network device info into the main index. We have a Splunk installation (A) which has multiple indexes, including one for networking. I'd like to take all the data from the main index on B and move it into the networking index on A.
Both machines are Windows 2012 R2. Those network devices that were reporting to instance B have been redirected to instance A so server B is receiving no new data.
I attempted moving the db_* folders from ./main/db on server B to the index named networking on server A and restarted the splunkd service, but still cannot search this data.
I've searched Splunk Answers and found many topics about moving to another index of the same name, but not to an index with a different name. Any help you can provide would be much appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, we are licensed for 10gb a day and only hitting about 7. I'm not sure what you mean by re-indexing the data. How can I accomplish that?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
do you have enough license? if yes, just reindex the data over a weekend again would be simpler
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have a look here please and see if that's what you are looking for:
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do I need to check for conflicts outside of the index I'm trying to place the db folders in? If not, then yes I checked for conflicts.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've copied the db_ folders into the index networking but still cannot search the data.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did u check if there were any bucket id conflicts which the link talks about which needed to be renamed on movement.?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've copied the db_* folders from db into the index networking on server A but still cannot search the data.
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
