Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can you help me with a Splunk Backup Question?

johann2017
Explorer
‎02-20-2019 02:00 PM

I am running Splunk Enterprise version 6.6.2. I have four Splunk servers in a non-clustered environment: One search head, one heavy forwarder, one deployment server, and one indexer. In the scenario of an unrecoverable server crash, what files need to be backed up to rebuild Splunk on a new server?

Currently I am backing up everything in these two directories: /opt/splunk/etc and /opt/splunk/var

0 Karma
Reply

adonio
Ultra Champion
‎02-20-2019 05:50 PM

considering you are using default locations for indexers and apps.
on the indexers, backup splunk/etc/ (configurations) and splunk/var (indexed data and other stuff)
on the rest of the instances, splunk/etc/ is enough

i would recommend to look into splunk diag, to make your backup and recovery easier.
read here: https://docs.splunk.com/Documentation/Splunk/7.2.4/Troubleshooting/Generateadiag

hope it helps

Reply

johann2017
Explorer
‎02-25-2019 08:07 AM

So running a diag on each of my Splunk servers will assist in a backup / recovery process? For this, should I disable dispatch, disable pool, and .dat files? Or include everything?

0 Karma
Reply

adonio
Ultra Champion
‎03-01-2019 08:13 AM

diag will simplify your backup process
on the indexers, youll probably want to backup the data too.
https://docs.splunk.com/Documentation/Splunk/7.2.4/Indexer/Backupindexeddata#Choose_your_backup_stra...

another elaborated answer here:
https://answers.splunk.com/answers/469816/what-is-the-best-practice-to-backup-splunk.html

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...