Welcome to the Splunk Cloud Migration Assessment App
This app is designed for existing Splunk customers interested in migrating to Splunk Cloud, our Software as a Service (SaaS) solution. The app will assess your current Splunk Enterprise deployment that is running on-premises or in a bring your own license (BYOL) model and provide guidance for your migration to Splunk Cloud.
The high-level assessment captured by this app will also provide data points to help our Sales Engineering and PS Teams scope your migration efforts, implement best practices, and prioritize your migration success. For more detailed information on the compatibility of your apps, use the Analysis Of SplunkBase Apps for Splunk.
This App is self-documenting and will guide you through the experience. Be sure to follow the in App guidance. The calculations in this app are meant to be directional and for educational purposes only. Results are not guaranteed.
This app can only evaluate the data that available in the search results. Therefore, this App should be installed on the Splunk Monitoring Console (MC). The MC should have access to all Splunk servers in your environment. This App is compatible with all versions of Splunk 6.5.x and above.
Quick & Dirty:
Sometimes it is hard to get an App installed or you might want to do some covert investigations. To initiate these discussions with your Splunk Account team, run the following search from your Management Console and save the results. It is not nearly a complete assessment but if we can only get the results from one search, this is it:
index=_audit search_id!="'rsa_*" search_id!="'RemoteStorageRetrieveBuckets_*" search_id!="'searchparsetmp_*" search_id!="'remote_*" search_id=* total_run_time earliest=-7d@d latest=@d
| eval host_sid = 'host'.":".'search_id'
| bin _time span=1d
| stats dc(host_sid) AS search_count by _time
| stats avg(search_count) AS search_count_daily_avg
| eval workload_factor=case(search_count_daily_avg <= 1000,"20",
search_count_daily_avg > 1000 AND search_count_daily_avg <= 10000,"25",
search_count_daily_avg > 10000 AND search_count_daily_avg <= 50000,"35",
search_count_daily_avg > 50000 AND search_count_daily_avg <= 100000,"45",
search_count_daily_avg > 100000 AND search_count_daily_avg <= 200000,"55",
search_count_daily_avg > 200000 AND search_count_daily_avg <= 300000,"65",
search_count_daily_avg > 300000 AND search_count_daily_avg <= 500000,"75",
search_count_daily_avg > 500000 AND search_count_daily_avg <= 1000000,"90",
search_count_daily_avg > 1000000,"100")
| eval search_count_daily_avg=round(search_count_daily_avg,0)
You can also run any one of the checks individually, which are listed under Tools -> Health Check Items.
Please contact Splunk Support with any questions regarding this App.
**** If you are upgrading the App, be sure to remove the old App folder before installing the new version.