Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Process to copy index from one Windows Server to another

mship
Path Finder
‎03-04-2013 05:58 AM

I am running Splunk 5.0.1, am in a Windows workgroup enviornment, and have 2 Windows 2008R2 servers as indexers for redundancy (indexerA and B). What I am looking to do is to establish a process to, should one server go down, restore the index from the second server. Let's say indexer B goes down for a week and I am ready to bring it back up online this is the process that I would execute...

Indexer A - roll the hot dbs to warm by running the folling command:

  • $SPLUNK_HOME\Splunk _internal cal /data/indexes/main/roll-hot-buckets -auth admin:
  • disable splunkd on indexerA
  • log onto indexer B and map network drive to on indexer A
  • copy defaultdb from indexer A to indexer B
  • restart splunk on both instances and both indexes should now have the same exact data

Does this sound correct?

Tags (1)
0 Karma
Reply

mship
Path Finder
‎03-04-2013 11:30 AM

Ammend the above process to...

On indexer B create \defaultdb
log onto indexer A and map network drive to on indexer b
copy contents of defaultdb from indexer A to indexer B

0 Karma
Reply

lpolo
Motivator
‎03-04-2013 06:35 AM

You could create a cluster as documented in:

http://docs.splunk.com/Documentation/Splunk/5.0.2/Indexer/Aboutclusters

Clusters are groups of Splunk indexers configured to replicate each others' data, so that the system keeps multiple copies of all data. This process is known as index replication. By maintaining multiple, identical copies of Splunk data, clusters prevent data loss while promoting data availability for searching.........

Lp

0 Karma
Reply

mship
Path Finder
‎03-04-2013 11:27 AM

Thanks for your assistance lpolo but unfortunatley schedule does not allow me the time to implement clustering. I will definitley keep your advice in my pocket as a possible upgrade in the future.

0 Karma
Reply

lpolo
Motivator
‎03-04-2013 06:53 AM

The number of servers is determine by the replication factor.
For example, if you want to ensure that your system can handle the failure of two peer nodes, you must configure a replication factor of 3, which means that the cluster stores three identical copies of your data on separate nodes. If two peers go down, the data is still available on a third peer.

0 Karma
Reply

mship
Path Finder
‎03-04-2013 06:45 AM

But if I am not mistaken you need at lease 4 or 5 servers for a cluster...I only have 2.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...