Hi,
We have a setup which is running on Splunk 4.3.1. We have a new setup running on Splunk 5.0.4.
We have diverted all our traffic to new setup. Now we want to move all the warm dbs from older setup to new setup. To complete this exercise successfully, we are thinking of following approaches.
Approach 1:
Take all the db_ directories from our 10 index directories IDX1/db_, IDX2/db_ ..... IDX10/db_
Create a .tgz file
In each index note the highest bucket id. Say, for example it is 10. Then add 1 to it. So the number is 11.
Untar the index dbs into respective directories. While doing this rename the directories in the new setup as
db_Start_End_n+11. Where n is the bucket id. In this step, also rename hot bucket directory.
Question: When we rename the directories, will the manifest file be automatically updated with the latest bucket id? If not what should we do.
Approach 2:
Take all the db directories from our 10 index directories IDX1/db_, IDX2/db_ ..... IDX10/db_
Create a .tgz file. While creating the .tgz file, rename the directories from old setup to increment the bucket id as n+99. So, the warm buckets will be
db_Start_End_n+99.For example:db_Start_End_0will bedb_Start_End_99,db_Start_End_1will bedb_Start_End_100and so on.
In this case will the manifest file be updated automatically to reflect the latest bucket id (Say 201) when the bucket id reaches 98 in new setup.
We are strongly inclined towards approach 1. Based on what we read in splunk blogs and splunk base, approach 1 should work.
Please suggest the better and workable approach.
Thanks
Strive