
Migrate from Cribl Standalone to Cribl Distributed (+ Edge)

I am kinda being nudged into a move from a Standalone to a distributed setup, so I have to start playing in the lab with this before I plan it out in production. Does any Cribl'er have any write-ups or discussions here where such a thing has been talked over that I can review before embarking on this adventure?

My end goal is to have a Cribl Stream Distributed + a handful of Edge clients to start with (and a ton of Splunk Universal Forwarders sending out stuff to the worker node).


Best Answer

  • Jon Rust
    Posts: 475 mod
    Answer ✓

    Changing an install to leader from standalone is not destructive. The settings just get a new level (by group) so you gotta move around a few things. Verify git is installed before proceeding: which git

    Method 1:

    • Change existing install to Leader and restart
    • Copy old configs: rsync -a $CRIBL/local/cribl/ $CRIBL/groups/default/local/cribl/
    • Restart
    • Commit/deploy

    Method 2:

    • Bring up a new host, set to Leader and restart if required
    • Copy old configs: rsync -a $CRIBL/local/cribl/ NEWLEADER:$CRIBL/groups/default/local/cribl/
    • Restart
    • Commit/deploy

Answers

  • Please note, this does work, but there are a few caveats to be aware of.

    1. None of the packs are migrated over, and you have to manually import them or use the REST API (which is a bit weird + unfortunately inconsistent documentation, which just made me give up and go low-tech and import it in the UI).
    2. When you do copy over the $CRIBL_HOME/local/cribl/cribl.yml into $CRIBL_HOME/groups/default/local/cribl/cribl.yml, you are going to have all your standalone settings; you will have to manually edit it to reflect the worker settings and restart.
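
Added example, not part of either post above and not Cribl's own tooling: Method 1's copy step wrapped with the git check from the first answer and the two caveats from the second, so the copy is verified and the manual follow-ups are printed. The function names preflight and migrate_configs, the cp fallback when rsync is missing, and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: Method 1's copy step with checks around it.
# $1 is the install root that the answer's commands call $CRIBL.

# The answer says to verify git is installed before proceeding.
preflight() {
    command -v git >/dev/null 2>&1 || { echo "git not found in PATH" >&2; return 1; }
}

# Copy standalone configs into the default group, verify the copy, and
# print what the thread says still needs manual work.
migrate_configs() {
    src="$1/local/cribl"
    dst="$1/groups/default/local/cribl"
    [ -d "$src" ] || { echo "no standalone config at $src" >&2; return 1; }
    mkdir -p "$dst" || return 1
    if command -v rsync >/dev/null 2>&1; then
        rsync -a "$src/" "$dst/" || return 1   # same command as the answer
    else
        cp -pR "$src/." "$dst/" || return 1    # assumption: fallback without rsync
    fi
    # Every file under src must exist, byte-identical, under dst.
    ( cd "$src" && find . -type f ) | while IFS= read -r f; do
        cmp -s "$src/$f" "$dst/$f" || exit 1
    done || { echo "copy incomplete" >&2; return 1; }
    # Caveat 2: the copied cribl.yml still carries standalone settings.
    if [ -f "$dst/cribl.yml" ]; then
        echo "EDIT: $dst/cribl.yml (standalone settings, see caveat 2)"
    fi
    # Caveat 1: packs are not carried over by this copy.
    echo "TODO: re-import packs (caveat 1)"
}

# Demo on a constructed tree, not a real install.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/local/cribl/pipelines/main"
echo "constructed: true" > "$demo_root/local/cribl/cribl.yml"
echo "constructed: true" > "$demo_root/local/cribl/pipelines/main/conf.yml"
preflight || echo "install git before Commit/deploy"
migrate_configs "$demo_root"
rm -rf "$demo_root"
```

Files already present in the group directory are left in place, because the copy runs without any delete option and the verification only checks source files against the destination.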