I am in the progress of attempting to migrate an on premise Splunk instance to the cloud.
I have a new instance all set up in AWS. Running Splunk Enterprise 6.5.0.
My old instance of Splunk was running Splunk enterprise 6.4
I did a silly thing.
I wanted to move across all my old data to the new instance. So I copied and replaced all the Splunk data stored in /opt/splunk with what I had from my old instance. I realized about 1/4 of a second too late how stupid that was as I managed to cripple my new instance of Splunk and unsure how to fix it at all.
Currently when I attempt to start up Splunk, I get the following:
Starting Splunk...
Splunk> Now with more code!
Checking prerequisites...
Checking http port [####]: open
Checking mgmt port [####]: open
Checking appserver port [127.0.0.1:####]: open
Checking kvstore port [####]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Could not create path /opt/splunk/var/lib/splunk/firedalerts/colddb appearing in indexes.conf: 13
Validating databases (splunkd validatedb) failed with code '1'. If you cannot resolve the issue(s) above after consulting documentation, please file a case online at http://www.splunk.com/page/submit_issue
So I am guessing I need to at a start change the indexes.conf, but unsure where to even start. Any assistance will be greatly appreciated.
↧