Distributed Monitoring Console (DMC) is used to monitor the health of a Splunk environment. It examines Splunk Enterprise and lets you view detailed topology and performance information about the Splunk deployment. DMC was called the Distributed Management Console before Splunk 6.5.0.
The monitoring console dashboards draw on data such as metrics logs from Splunk Enterprise's internal log files and from Splunk Enterprise platform instrumentation. These dashboards offer useful insights into search and indexing performance, OS resource usage, Splunk app key-value store performance, search head and indexer clustering, HTTP Event Collector performance, etc. If the DMC is configured on a server and that server is being decommissioned for some reason, you need to configure DMC on a different server.
In a huge Splunk architecture, manually reconfiguring all servers once again against another DMC server consumes a lot of time. Hence, the smartest decision is to migrate DMC from the old server to a new server with all existing configurations, which saves the time and effort involved in reconfiguring it.
Steps to migrate DMC from one server to another
Step1: Copy distsearch.conf from /opt/splunk/etc/system/local/ on the existing server to the same path on the desired Splunk server. Execute the following command on the existing server.
- scp -r /opt/splunk/etc/system/local/distsearch.conf <user>@<new-server>:/opt/splunk/etc/system/local/
Step2: From the existing server, copy the local folder of the splunk_monitoring_console app into the same app on the desired Splunk server. Execute the following command on the existing server.
- scp -r /opt/splunk/etc/apps/splunk_monitoring_console/local <user>@<new-server>:/opt/splunk/etc/apps/splunk_monitoring_console/
Step3: Restart Splunk on the new server so that all the copied changes take effect.
Step4: After the restart, open the new server's UI. Go to Settings, followed by Distributed Search, and then Search Peers.
A list of servers will be visible.
Note: It will take around 10 – 15 minutes for the status to show successful for all servers.
Step5: From Settings, choose Monitoring Console, followed by Overview.
Here, you will be able to see the overview of your Splunk architecture’s health.
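A check to run alongside Step1 and Step4, as an added example that is not part of the original post: it lists the peers named in a distsearch.conf so the list on the old server can be compared with the copy on the new server and with what Search Peers shows. The function names, the sample file and its hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list the search peers recorded
# in a distsearch.conf so the old and new servers can be compared.

# list_peers FILE: print each distinct peer (host:port), sorted, taken from
# "servers = ..." under [distributedSearch] and [distributedSearch:<group>].
list_peers() {
    awk '
        { sub(/^[ \t]+/, "") }                      # ignore leading indentation
        /^#/ { next }                               # skip comment lines
        /^\[/ {                                     # stanza header
            in_ds = ($0 ~ /^\[distributedSearch\]/ || $0 ~ /^\[distributedSearch:/)
            next
        }
        in_ds && /^servers[ \t]*=/ {
            sub(/^[^=]*=/, "")                      # keep only the value
            n = split($0, p, ",")
            for (i = 1; i <= n; i++) {
                sub(/^[ \t]+/, "", p[i]); sub(/[ \t]+$/, "", p[i])
                sub(/^https?:\/\//, "", p[i])       # normalise: drop URI scheme
                if (p[i] != "") print p[i]
            }
        }
    ' "$1" | sort -u
}

# peers_match OLD NEW: succeed only if both files name the same set of peers.
peers_match() {
    [ "$(list_peers "$1")" = "$(list_peers "$2")" ]
}

# Constructed sample input (hostnames are made up).
sample_conf() {
cat <<'EOF'
[distributedSearch]
servers = https://idx1.example.com:8089,https://idx2.example.com:8089, https://sh1.example.com:8089

[distributedSearch:dmc_group_indexer]
servers = idx1.example.com:8089,idx2.example.com:8089
default = false

[replicationSettings]
maxBundleSize = 2048
EOF
}

# Demo on the constructed sample; on a real server pass the path from Step1.
demo=$(mktemp); sample_conf > "$demo"; list_peers "$demo"; rm -f "$demo"
```

Run list_peers on the old server before Step1 and on the new server after Step3; every peer it prints should appear under Search Peers in Step4.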
The post DMC Migration from One Server to Another appeared first on Cyber Chasse.