All Apps and Add-ons

What is the DR approach of Splunk ES on AWS?

New Member

Hi everyone,

Assume the best practices of Splunk AWS is deployed on production AWS region (e.g. London).
How to design the DR of Splunk?
1. create another best practice design in another region (e.g. Paris) and extend the SH cluster and indexer cluster to the Paris region?
2. what if a hot-stanby is no required, is it able to take a whole of the Splunk (including VPC, AZ, subnets, Security groups, instances, EBS) and archive it in S3 bucket and restore it in Paris region manually?

Best Practice Architecture:


0 Karma

Esteemed Legend

This is a HUGE questions. What parts do you nee DRd? How much downtime can you have? Do you have budget/constraints?

0 Karma

Ultra Champion

the real question is, what is the problem you are trying to solve?
what is it you would like to protect against?
do you need DR for your search components? Index (data) components?
do you need HA?
Please share what is it that you would like to achieve

0 Karma

New Member

if the primary AWS region is down, we have to resume the SIEM in another AWS region within 4 hours.
no HA between AWS region is needed.
HA is required within same AWS region.
I need DR for search components and index components as the applications will also failover to the DR AWS region.

0 Karma
Get Updates on the Splunk Community!

Splunk Life | Happy Pride Month!

Happy Pride Month, Splunk Community! 🌈 In the United States, as well as many countries around the ...

SplunkTrust | Where Are They Now - Michael Uschmann

The Background Five years ago, Splunk published several videos showcasing members of the SplunkTrust to share ...

Admin Your Splunk Cloud, Your Way

Join us to maximize different techniques to best tune Splunk Cloud. In this Tech Enablement, you will get ...