Splunk Lantern

Selecting the best cloud migration approach


Many Splunk on-premises customers are aiming to move to Splunk Cloud Platform so that updates and infrastructure are managed for them. However, there are different approaches to doing this, with pros and cons for each. This article explains your options.



Greenfield

This approach involves starting afresh in Splunk Cloud Platform without migrating historical data. However, you can migrate the configuration of your on-premises deployment of the Splunk platform to accelerate the initial setup. You will need to do some testing to prepare the Splunk Cloud Platform deployment with smaller cuts of real data. After this is done, the data can be redirected to your Splunk Cloud Platform environment rather than your on-premises Splunk deployment.

This approach is popular when a number of additional services and capabilities have been added as part of your Splunk package, and you wish to refactor the existing configuration. If required, it also allows the configuration to be brought back in line with Splunk-recommended practices. End users get an instant switchover when they start working with the new Splunk Cloud Platform deployment.

Dual firing

This approach involves replicating the configuration of your on-premises deployment in Splunk Cloud Platform. When complete, the data forwarding layer is configured to send copies of the data to both your on-premises and Splunk Cloud Platform deployments (dual firing). From this point, data starts to build in your new Splunk Cloud Platform deployment until you are comfortable switching over.

This option provides the most seamless transition. However, you need to consider the required data retention period and cost of running both environments. A good partner can help you negotiate these issues with your Splunk account manager to make them less impactful.

The primary benefit of this method is that it allows a full user acceptance test to be carried out before end users migrate to the service. A disadvantage is that although you can migrate the remaining historical data left on the on-premises deployment at this point, doing so would require outages of the service. Often people choose to age out the historical data, which means you need to understand your data retention periods.

Full migration

This approach involves a full migration of the on-premises deployment with data. This is similar to the greenfield approach but requires an outage to complete. The length of the outage depends on the volume of historical data that's required. The configuration part of the migration can be completed first to ensure Splunk Cloud Platform is prepped and ready to receive the data before the required outage takes place.

This approach is common when there is a deadline, such as when your on-premises Splunk deployment needs to be removed, and historical data migration is a requirement.

Summary table

  Greenfield
  Pros
  • Clean start
  • No outage
  • Instant switchover for users
  • Easy to align to best practice
  • Testing of configuration but not under load
  Cons
  • No historical data
  • Limited testing under load

  Dual firing
  Pros
  • No outage
  • Historical data (depending on retention period)
  • Full testing under load
  Cons
  • Cost of both environments running for the period of dual running data
  • Long migration period

  Full migration
  Pros
  • Historical data migrated
  • Testing of configuration but not under load
  • Switchover for users after the outage is complete
  Cons
  • Outage requirements
  • Difficult to return on unforeseen issue

Regardless of which option is best for you, migrating to the Splunk Cloud Platform is the perfect time to clean up your existing Splunk environment. Tuning your existing searches and dashboards, updating apps, removing old or unused content, and ensuring any pre-existing issues are resolved will ensure you get the best possible experience after migrating to the Splunk Cloud Platform.

Next steps

The benefits of migrating to Splunk Cloud Platform are worth the effort. The projects required to make the transition don't have to be intimidating; they can be a very controlled and well-trodden path, especially when you use a trusted partner. If you need help deciding the approach you would like to take, UK-based Somerford Associates can help. Somerford Associates is an award-winning Elite Partner with Splunk and the largest Partner Practice of Consultants in EMEA. We protect data, demonstrate that it is being managed effectively and derive greater value, by providing real-time insights to support effective decision making. With our specialist knowledge, skills, experience and strong reputation for enabling digital transformation at scale and at pace, we provide full delivery, including design, implementation, deployment, and support.
