To start, I've already reviewed Google's results for this, and I just need to clarify a few things. We're trying to go from a base 4.2.3 install to a 6.2 install. I've seen that I need to do:
Upgrade to 4.3.7
Upgrade to 5.0.14
Upgrade to 6.2.7
What I'm assuming here is that I install base 4.2.3 on my Linux box, copy my existing directory structure over from Windows, I'm assuming starting at `C:\Program Files\Splunk`, and then put it on Linux straight as is. Is that correct? Then run the upgrades on Linux obviously.
What if I were to do a totally fresh 6.2.7 install on the Linux box, and cut production over. So it's building indexes from scratch, right from the cut-over time. Could I then somehow bring my old indexes from 4.2.3 over and integrate them for history? Or how would that even work?
I'm trying to figure out how to migrate 700GB of data over without losing any up time, as we are very highly dependent on our log tracking.
↧