Deployment Architecture

Is it good practice to run an rsync script to take a backup of any new warm buckets created to a new partition?

kkossery
Communicator

I need to start backing up my Splunk and was looking at backing up any new Warm buckets. I'm planning to do this by running an rsync script to take a backup of any new warm bucket created to a new partition.
Is this a good practice?
I'm interested in knowing what other users are doing to backup their Splunk/indexes on Amazon EC2.

Thanks

Tags (4)
0 Karma

kkossery
Communicator

I've installed s3sync on the Splunk box which would sync buckets (hot/warm/cold) to the S3 storage.

0 Karma

Arkon
Explorer

watchout for your S3 policy in case it automatically removes files after some time

0 Karma

Yasaswy
Contributor

hi kkossery, In general I would believe this to be "not" a good practice. Mostly because it does not scale well and very config and env dependent. I would go with clustering to solve any of the availability requirements.

0 Karma

kkossery
Communicator

Thanks! I will wait on what others have to say on this.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...