Hi,

I will bump this thread as Ihave a similar question. We have been running Splunk free for a couple of our applications. It is running at version 4.0.6. We are now going with Splunk at large in our network. So a new instance of Splunk has been setup with the latest 4.2 version. It would be very good if data from the 4.0.6 version could be migrated to 4.2 version.

So when reading about common migrations it seems like moving the $SPLUNK_HOME/var/lib/splunk is all you need to do. But is this applicable even between 4.0.6 and 4.2.X? What about existing data on the 4.2.X instance. Is it possible to merge /var/lib/splunk between the two servers?

Cheers

If you don't have a custom datastore configuration, the standard Splunk data lives under $SPLUNK_HOME/var/lib/splunk. In this directory, you will see a folder for every index, with defaultdb being the folder containing the main index (the default index where new data is indexed and made available for search). If you are starting with a brand new 4.1.3 installation, stop both Splunk instances, then copy the entire defaultdb folder from the 4.0.1 instance to the same location on the 4.1.3 instance. Once you start Splunk 4.1.3, you should have all your old data in your new instance.

If you do have a custom datastore configuration, then please post more details on the setup.