Solved: ISE databases - which one has the endpoints?

stuartjhawkins · ‎04-30-2026

Hi Folks

First post here.

My customer has an ISE2.7 installation, being replaced shortly. There are all sorts of issues with it - including the inability to backup the operational database due to some stored procedure errors.

As part of the migration to the new build, I want to carry over endpoints, but want to enable purging on the existing platform first, as there is a load of legacy data in there. Before doing so, I would like a good backup in hand.

My hunch is that the endpoint definitions are in the configuration database, and that the dynamic data including when that endpoint was last seen would be part of the operational data.

I've searched high and low for a definitive answer on this, with no joy. Wondered if anyone here knows, please?

Arne Bier · ‎04-30-2026

The config backup will contain all the same data that you currently see in context visibility.

Operational backup only contains the Live Logs stuff for RADIUS and TACACS. Mostly useful if you care about historical Live Logs for reporting and forensics.

View solution in original post

Arne Bier · ‎04-30-2026

The config backup will contain all the same data that you currently see in context visibility.

Operational backup only contains the Live Logs stuff for RADIUS and TACACS. Mostly useful if you care about historical Live Logs for reporting and forensics.

Aref Alsouqi · ‎04-30-2026

What do you mean by carry over the endpoints and do the purge on the existing system at the same time? As far as I know you could export the endpoints data from ISE via UI by going into the "Context Visibility > Endpoints > Export > Export All". Alternatively, you could go to CLI and type the command "application configure ise" and then select "Get all Endpoints" option. This option will generate a .csv file on ISE local disk, you will have to export from ISE to somewhere on the network.

aleabrahao · ‎04-30-2026

As mentioned by @Aref Alsouqi , you can go to Context Visibility > Endpoints > Export > Export All, or you can export only the endpoints you are interested in.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

stuartjhawkins · ‎04-30-2026

Thanks for the responses so far.

What I mean is that I want to purge obsolete endpoint data on the existing platform before running the export, so that the data imported into the new build contains only endpoints seen in the last 60 days (for example).

The customer is nervous about enabling the purge function, so I wanted to provide some assurance that we'll have a good backup beforehand, and thats fine if it is configuration data, but not if operational (because of the backup issue).

Sounds like my hunch is correct and my endpoints are in configuration data, so I should be good. I'll be doing an export to CSV before purging as well, just to be sure.

Aref Alsouqi · ‎04-30-2026

Understood. If that is the plan then yes I would recommend taking a backup copy of the configuration and a copy of all the endpoints before purging anything and then go with the purge as you mentioned. The operational backup usually is not needed when migrating between ISE versions, I have never used it even though I always took a copy where possible before any migration.