Can you help me with my search head replication?

rajkumarv · ‎12-12-2018

Hi,

We have two search heads that will be configured in active and standby using the load balancer. Are there any custom scripts available to take incremental backups of the configuration and KV store from the primary node and replicated to standby?. Please advice.

Also please advice: is there a way to configure HA in Search head itself without clustering?

inventsekar · ‎12-13-2018

Back up configuration information
All Splunk's configuration information is contained in configuration files. To back up the set of configuration files, make an archive or copy of $SPLUNK_HOME/etc/. This directory, along with its subdirectories, contains all the default and custom settings for your Splunk install, and all apps, including saved searches, user accounts, tags, custom source type names, and other configuration information.

Copy this directory to a new Splunk instance to restore. You don't have to stop Splunk to do this.

http://docs.splunk.com/Documentation/Splunk/7.1.0/Admin/Backupconfigurations

please advice is there a way to configure HA in Search head itslef without clustering
HA - high availability comes with Clustering OR load balancing.

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

Can you help me with my search head replication?

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Can you help me with my search head replication?

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!