
We might need to replace the Master Node for either of these reasons:

1.  The node fails.

2.  We need to move the Master to a different machine or site.

For example, we will consider the following:

OLD : XX.XX.XX.XX    (IP address of the OLD Master Node)

NEW : YY.YY.YY.YY    (IP address of the NEW Master Node, to which we are going to migrate the OLD Master Node)


*** The NEW node does not use the same IP address or management port as the OLD one ***

1.  Go to OLD

***   Stop Splunk   ***

# ssh root@XX.XX.XX.XX
# cd /opt/splunk/bin
# ./splunk stop

2.  Go to NEW

***   Install Splunk, start it once to accept the license, and stop it   ***

# ssh root@YY.YY.YY.YY
# cd /opt/splunk/bin
# ./splunk start --accept-license
# ./splunk stop

3.  Go to NEW

# ssh root@YY.YY.YY.YY
# cd /opt/splunk/etc/system/local/

Copy the ‘sslKeysfilePassword=’ line from the ‘server.conf’ file to a notepad.

4.  Go to OLD

***   Copy the server.conf file from OLD to NEW   ***

# ssh root@XX.XX.XX.XX
# cd /opt/splunk/etc/system/local
# scp server.conf root@YY.YY.YY.YY:/opt/splunk/etc/system/local/.

***   Copy the master-apps directory from OLD to NEW   ***

# cd /opt/splunk/etc/
# scp -r master-apps root@YY.YY.YY.YY:/opt/splunk/etc/.

5.  Go to NEW

# ssh root@YY.YY.YY.YY
# cd /opt/splunk/etc/system/local
# vi server.conf

Remove the line with ‘sslKeysfilePassword=.****’ and paste in its place the ‘sslKeysfilePassword=’ line you saved to your notepad in step 3 (the server.conf copied from OLD carries OLD's value, and NEW must keep its own).
Replace the value of ‘serverName’ with YY.YY.YY.YY

# /opt/splunk/bin/splunk start


****  Now we have to update the ‘master_uri’ setting on all the peers and search heads to point to the NEW Master's IP address and management port  ****

1.  Go to any one INDEXER

# ssh root@Indexer_IP
# cd /opt/splunk/etc/system/local
# vi server.conf

Wherever you find ‘master_uri’, replace its value with https://YY.YY.YY.YY:8089

# /opt/splunk/bin/splunk restart

Note: Perform the above actions on all the Indexers in the Cluster.

2.  Go to any one SEARCH HEAD

# ssh root@SearchHead_IP
# cd /opt/splunk/etc/system/local
# vi server.conf

Wherever you find ‘master_uri’, replace its value with https://YY.YY.YY.YY:8089

Replace the value of ‘conf_deploy_fetch_url’ with https://YY.YY.YY.YY:8089

# /opt/splunk/bin/splunk restart

Note: Perform the above actions on all the Search Heads in the Cluster.
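
The server.conf edit described above for indexers and search heads, as an added example that is not part of the original post: it rewrites only the active master_uri and conf_deploy_fetch_url lines that currently point at OLD, keeps a backup, and reports any line still referencing OLD. The function names and the sample IPs (10.0.0.1 as OLD, 10.0.0.2 as NEW) are assumptions made for the illustration.

```bash
# Added example, not from the original post. Function names are hypothetical;
# the IPs in the demo are constructed sample values.

# repoint_master CONF OLD_IP NEW_URI
# Rewrites active master_uri / conf_deploy_fetch_url lines that point at OLD_IP,
# keeps a timestamped backup, and prints how many lines were changed.
repoint_master() {
    conf=$1 old=$2 new_uri=$3
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    tmp=$(mktemp) || return 2
    cp -p "$conf" "$conf.bak.$(date +%Y%m%d%H%M%S)" || return 2
    # index() matches literally, so dots in the IP are not regex wildcards, and
    # the "//" and ":" delimiters stop 10.0.0.1 from matching 10.0.0.11.
    changed=$(awk -v old="//$old:" -v new="$new_uri" -v out="$tmp" '
        /^[ \t]*(master_uri|conf_deploy_fetch_url)[ \t]*=/ && index($0, old) {
            sub(/=.*/, "= " new); n++
        }
        { print > out }
        END { print n + 0 }
    ' "$conf") || return 2
    # Write back through the existing file so its owner and mode are preserved
    # (server.conf holds secrets such as sslKeysfilePassword).
    cat "$tmp" > "$conf" && rm -f "$tmp"
    echo "$changed"
}

# stale_refs CONF OLD_IP: prints the number of non-comment lines still using OLD_IP.
stale_refs() {
    awk -v old="//$2:" '!/^[ \t]*#/ && index($0, old) { n++ }
        END { print n + 0 }' "$1"
}

# Demo on a constructed search-head server.conf.
demo=$(mktemp)
cat > "$demo" <<'EOF'
[clustering]
mode = searchhead
master_uri = https://10.0.0.1:8089

[shclustering]
conf_deploy_fetch_url = https://10.0.0.1:8089
mgmt_uri = https://10.0.0.11:8089
EOF
echo "rewritten: $(repoint_master "$demo" 10.0.0.1 https://10.0.0.2:8089)"
echo "stale:     $(stale_refs "$demo" 10.0.0.1)"
```

Run it against /opt/splunk/etc/system/local/server.conf on each indexer and search head, then restart Splunk as in the steps above.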

Your Master Node in the cluster environment has now been successfully migrated!

Hope you are now comfortable with: Migration of the Master Node in an Index Cluster Environment




  1. First of all, congratulations on the new site. It is really amazing following someone having A GREAT BLOG! These blogs are really helpful for those who have started a career in the Splunk area. I am sure in future these blogs will be more interesting and knowledgeable.
    Wonderful thoughts and great overview examples on blogging.
    Great job Abhay!
    Have a nice day... keep on blogging 🙂

  2. Awesome piece of information. I had come to know about your blog from my friend Vimal, Mumbai. I have read at least 3 posts of yours by now, and let me tell you, your blog gives the best and the most interesting information. This is just the kind of information that I had been looking for. I'm already your RSS reader now and I would regularly watch out for the new posts. Once again, hats off to you! Thanks a million once again. Regards

