Do I have to backup $SPLUNK_HOME/var/run directory...

Deployment Architecture

When I make a backup of a splunk server every few days, I just usually tarball the whole /opt/splunk dir. This works fine for recovery purposes when I may need it.

But each backup is several GBs. So, I am looking for ways to trim down the backup copy while still retaining all I need for a 'full restore' of a server if every needed.

I notice that the ~/var/run/searchpeers has a lot of files + can be large in size. Can I skip this dir when I make my backup or is it crucial to the rebuild/restore?

cheers,
Damon

Do I have to backup $SPLUNK_HOME/var/run directory for a reliable backup?

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >

Do I have to backup $SPLUNK_HOME/var/run directory for a reliable backup?

Don't miss your chance to share your Splunk wisdom in-person or virtually at .conf21!Call for Speakers hasbeen extended throughThursday, 5/20! Submit Now! >

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >