Deployment Architecture

I have a Splunk Enterprise Search Head in a Production and a second one in a Non-Prod environment. Any best practices fo

adnankhan5133
Communicator

The search head in the Non-Prod environment will not be active and would only be turned on in the event of a disaster where the Production SH is down.

I was thinking about enabling an rsync between both search heads so that the conf. files and knowledge objects from the Prod SH are regularly synced over to the Non-Prod SH. Does anyone have any suggestions or better approaches?

0 Karma
1 Solution

esix_splunk
Splunk Employee

Rsync will work fine for this. Be cautious around the GUIDs of the SH; if you bring production back up while the DR is running, you can have some potential issues. You could change this easily enough and not sync this config file.

If you're syncing KOs, why not use Git or similar repo control? This is what most companies are doing these days. It's a lot easier for granular control of what you replicate across, not to mention the benefits of version control/tracking.

adnankhan5133
Communicator

If the Production SH went down, how would Git sync the changes over to the Non-Prod/Secondary SH? If there is an article or an app that gracefully syncs all knowledge objects between search heads, then that would be ideal for me to check out.

Sorry, I'm new to Git and came from a world where rsync was the answer to replicating KOs between search heads for DR purposes.

0 Karma

adnankhan5133
Communicator

Agreed - Git or Ansible is definitely the way to go. I consulted with several others and that appears to be the best path forward.

0 Karma
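
The rsync approach from the accepted answer, as an added example (not code from the thread or from Splunk): it mirrors `$SPLUNK_HOME/etc/` to the standby while leaving the standby's own `instance.cfg` (the file that holds the instance GUID) untouched, then checks that the two GUIDs differ. The host name, the `/opt/splunk` default and the `--run` switch are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: DR_HOST is a placeholder,
# SPLUNK_HOME defaults to /opt/splunk, and SSH key access to the standby exists.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
DR_HOST="${DR_HOST:-dr-sh.example.internal}"   # hypothetical standby search head

# Print the guid value from an instance.cfg-style file (nothing if absent).
read_guid() {
    sed -n 's/^[[:space:]]*guid[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' \
        "$1" 2>/dev/null | head -n 1
}

# Succeed (exit 0) only when both files carry the same non-empty GUID.
guid_conflict() {
    a="$(read_guid "$1")"
    b="$(read_guid "$2")"
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Mirror etc/ to the standby. The anchored exclude keeps the standby's own
# instance.cfg: excluded files are neither copied nor removed by --delete.
# $1 may be "--dry-run" to preview the transfer.
sync_to_dr() {
    rsync -a --delete ${1:+"$1"} \
        --exclude='/instance.cfg' \
        "$SPLUNK_HOME/etc/" "$DR_HOST:$SPLUNK_HOME/etc/"
}

# Only act when called as: script --run [--dry-run]
if [ "${1:-}" = "--run" ]; then
    sync_to_dr "${2:-}" || exit 1
    tmp="$(mktemp)"
    ssh "$DR_HOST" "cat '$SPLUNK_HOME/etc/instance.cfg'" > "$tmp"
    if guid_conflict "$SPLUNK_HOME/etc/instance.cfg" "$tmp"; then
        echo "standby $DR_HOST has the same GUID as production" >&2
        rm -f "$tmp"
        exit 2
    fi
    rm -f "$tmp"
fi
```

Run it with `--run --dry-run` first to see what would change on the standby before applying a sync.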