Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Search Head Migration

splunkguy
Observer
‎09-29-2023 10:56 PM

How do I migrate Dashboards and alerts from older standalone search head to new standalone search 

Labels (2)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎09-30-2023 01:55 PM

Well...the idea is relatively easy (you want to capture old SH state and set the new SH to the same state) but the details can be tricky.

Generally, you want to move the config files (both system-wide and users' ones) and kvstore state.

The problem is that if you're migrating, you might not need some stuff if you'll be deploying on a new instance (like certs might need to be generated for a new name) so you'll have to be selective about restoring the configs.

0 Karma
Reply

splunkguy
Observer
‎09-30-2023 02:06 PM

Hi @PickleRick , 

Thanks for replying,  my issue is that Splunk SH is running on Linux 6 and I have to migrate it to Linux 8 because Splunk 9.1 is not supported on Legacy Linux.

So I have built a new instance and added to cluster, as a standalone SH it can search the data and I can make it primary, but not sure how to copy Dashboards/alerts built by users that are no longer active. So that's where I am looking for options to copy it from old instance to new before making it active. 

 

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎09-30-2023 02:28 PM

Generally, system-wide stuff is in etc/system and etc/apps whereas users' content is in etc/users. You need to remember however that your stuff probably depends on add-ons which do the extractions. If you use datamodels, they should be properly defined and configured. And so on.

0 Karma
Reply

splunkguy
Observer
‎09-30-2023 09:51 AM

Hi @gcusello , 

Thanks for replying. I am using a standalone search head. Would like to move to a standalone search head and not a search head cluster. Is that  the same process for migrating apps to standalone search head?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-01-2023 01:16 AM

Hi @splunkguy ,

to move a standalone Search Head to another standalone SH, you have to make the same steps, obviously without the cluster:

  • make a copy of the Apps to migrate from the old SH to the new one,
  • copy the above Apps in the new SH in $SPLUNK_HOME/etc/apps.

Ciao.

Giuseppe

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎09-29-2023 11:24 PM

Hi @splunkguy ,

follow these steps:

  • make a copy of the Apps to migrate from the old SH to the SHC,
  • install and configure the SH Cluster,
  • copy the above Apps in the SHC-Deployer, in $SPLUNK_HOME/etc/shcluster,
  • Deploy them using the command
    • splunk apply shcluster-bundle -target URI:management_port -auth username:password

You can find more details at https://docs.splunk.com/Documentation/Splunk/9.1.1/DistSearch/PropagateSHCconfigurationchanges 

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...

Get ready to show some Splunk Certification swagger at .conf24!

Dive into the deep end of data by earning a Splunk Certification at .conf24. We're enticing you again this ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Now On-Demand Join us to learn more about how you can leverage Service Level Objectives (SLOs) and the new ...