How to copy your Aria Operations for Logs from an existing installation to a new instance.
search cancel

How to copy your Aria Operations for Logs from an existing installation to a new instance.

book

Article ID: 411801

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

If you already have a working 8.x Aria Operations instance and wish to copy the configuration to a new instance, you can copy most of the configurations and even data to a new instance. 

This may be useful if you're experiencing issues with your existing cluster and wish to redeploy a new instance but still preserve your customized content, like dashboards, queries, and alerts.

Environment

Aria Operations for Logs 8.x

Resolution

You can copy data and configurations in several steps:

Backing up and restoring global server settings

You can export and import the general server settings, which are stored in the /storage/core/loginsight/config/loginsight-config#xxx.xml file. In a clustered environment, these settings are replicated and identical across all nodes. 

From the source site:

  1. Log into the Aria Operations for Logs web UI.
  2. In the browser URL, go to https://IPorFQDN/internal/config.
  3. Scroll to the bottom and check the Show all settings box.
  4. Copy all the content from the configuration box and paste it into a text editor like Notepad. Save the file for later use. 

On the new site:

  1. Log into the web UI of the new Aria Operations for Logs instance.
  2. In the browser URL, go to https://IPorFQDN/internal/config.
  3. In the "Server Settings Configuration" box, paste the content you copied from the old site. This will overwrite all existing settings.
  4. If prompted, restart the nodes in the cluster for the changes to take effect. Shut down worker nodes, restart primary, start worker nodes.
  5. Important: Passwords for encrypted settings, such as Active Directory or SMTP bindings, will need to be re-entered manually in the UI, as the new cluster will not have the keys to decrypt the old values. 

Migrating dashboards, alerts, and content packs

Alert definitions, dashboards, and custom queries are managed through Content Packs. You can export these objects from your "My Content" and then import them into the new environment. 

From the source site:

  1. Log into the Aria Operations for Logs web UI.
  2. Navigate to Content Packs and select My Content.
  3. Click the gear icon next to "My Content" and select Export.
  4. Choose the dashboards, alerts, and queries you want to migrate and export them as a .vlcp file. 

On the new site:

  1. Log into the new Aria Operations for Logs web UI.
  2. Navigate to Content Packs and select My Content.
  3. Click the Import Content Pack button and select the .vlcp file you exported earlier.
  4. You can import the content into "My Content" (to edit it further) or as a new Content Pack. 

Using the API for advanced settings (alerts and webhooks) This is unsupported by VMware GS:

For bulk exports and imports of more complex settings, like alerts with webhooks, using the Aria Operations for Logs API is the recommended method. This approach requires scripting, often with PowerShell. 

  1. Export alerts with webhooks: Use a PowerShell script that utilizes the API to export enabled alerts from your existing Aria Operations for Logs cluster into a JSON file.
  2. Import alerts: Use a second PowerShell script to import the alerts from the JSON file into the new cluster. This script must also handle the conversion of webhook IDs, as these are unique to each cluster. 

Other configurations

Some configurations require individual setup on the new site or are managed by other services.

  • Agents: Agent groups and templates can be copied via the UI. You will need to reconfigure the agents pointing to the new Aria Operations for Logs instance.
  • Archived logs: If you need to migrate archived logs, you can copy the data buckets from the /storage/core/loginsight/cidata/store path between nodes via scp. This process is typically used for replacing a node within a cluster but can be adapted for site migration. See details below under To copy ingested data.
  • Log forwarding: If you use log forwarding, you must reconfigure the source site to point to the new Aria Operations for Logs instance. If a cross-site forwarding filter is in place, you may need to update the tag names to reflect the new data center. 

To copy ingested data:

Sometimes we need move data (ingested logs) from (old) NODE1 to (new) NODE2.

On the source site:

Run below commands on NODE1. Replace NODE1 and NODE2 with appropriate IPs

    root@NODE1 [ ~ ]# service loginsight stop
    root@NODE1 [ ~ ]# scp -r /storage/core/loginsight/cidata/store/*-*-*-*-* <NODE2>:/storage/core/loginsight/cidata/store/

On the new site:

Run below commands on NODE2.

    root@NODE2 [ ~ ]# service loginsight stop
    root@NODE2 [ ~ ]# for bucket in $(ls /storage/core/loginsight/cidata/store | grep -v 'generation\|buckets\|strata_write.lock'); do echo y | /usr/lib/loginsight/application/sbin/bucket-index add $bucket --statuses archived; done

All buckets will be markes as archived, --statuses archived. Preferable to pass this parameter.

Run the following command to see all new buckets with archived status

    root@NODE2[~]# /usr/lib/loginsight/application/sbin/bucket-index show
Powered by Wolken Software