For prepping an image for cloning or staging of Splunk, please see the following Splunk provided documentation.
If you are cloning a running production machine, the process for cleaning the configuration might not work well and impact the running Splunk instance sending logs into Splunk. If you are in this situation we recommend that on the cloned machine you perform the following checks to avoid GUID conflicts on the Splunk environment.
- To generate a new Splunk agent GUID on the cloned machine
SPLUNK_DIR/bin/splunk stopmv SPLUNK_DIR/etc/instance.cfg SPLUNK_DIR/etc/instance.oldSPLUNK_DIR/bin/splunk start
- Verify that the following files do not reflect the previous machine’s name.
- SPLUNK_DIR/etc/system/local/server.conf
- SPLUNK_DIR/etc/system/local/deploymentclient.conf
- SPLUNK_DIR//etc/system/local/inputs.conf
- Contact splunk-support@illinois.edu to notify that a new machine needs to be added to the Deployment Server.