All Apps and Add-ons

What is the DR approach of Splunk ES on AWS?

New Member

Hi everyone,

Assume the best practices of Splunk AWS is deployed on production AWS region (e.g. London).
How to design the DR of Splunk?
1. create another best practice design in another region (e.g. Paris) and extend the SH cluster and indexer cluster to the Paris region?
2. what if a hot-stanby is no required, is it able to take a whole of the Splunk (including VPC, AZ, subnets, Security groups, instances, EBS) and archive it in S3 bucket and restore it in Paris region manually?

Best Practice Architecture:


0 Karma

Esteemed Legend

This is a HUGE questions. What parts do you nee DRd? How much downtime can you have? Do you have budget/constraints?

0 Karma

Ultra Champion

the real question is, what is the problem you are trying to solve?
what is it you would like to protect against?
do you need DR for your search components? Index (data) components?
do you need HA?
Please share what is it that you would like to achieve

0 Karma

New Member

if the primary AWS region is down, we have to resume the SIEM in another AWS region within 4 hours.
no HA between AWS region is needed.
HA is required within same AWS region.
I need DR for search components and index components as the applications will also failover to the DR AWS region.

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...