I have a distributed `6.2.3` setup with a single `Search head`, an `Indexer cluster` and a single `Heavy Forwarder`. This environment is pretty "dirty" (it's in a lab for testing so it gets abused) so I have built new 6.2.3 (have to stay on this version) servers and want to copy the configuration from the dirty environment to the new environment. Basically I want server settings, licensing, authentication, clustering, distributed search... I don't care about apps and add-ons, indexes, saved searches, etc.
I recognize in copying some of the files that edits may be necessary, for example, IPs and hostnames will be different.
Is this feasible, reasonable, or am I going about this wrong? If this is the way to go, I'm not sure what files need to be copied... don't want all of `$SPLUNK_HOME/etc`.
Your feedback and assistance is appreciated.
Thanks.
↧