Deployment Architecture

VersionControl for Splunk - Disaster Recovery Strategy for Splunk KO's and conf files

adnankhan5133
Communicator

Does anyone have any experience with the VersionControl for Splunk App? Planning to use this for backup/restore of Splunk conf files and knowledge objects (DR strategy)

I’m planning to come up with a strategy for backing up and restoring the knowledge objects (i.e. dashboards, reports, alerts, saved searches) and configuration files associated to Splunk ES and the various apps/add-ons that shall be part of the deployment at our organization. This is mainly to ensure that all of our Splunk items are capable of being restored to our Disaster Recovery site in the event that Production experiences prolonged downtime. Our Splunk search heads and Management consoles (Deployment Server, Index Cluster Master) in DR shall be on cold standby and unavailable, unless we need to start them up if a disaster occurs.

Would anyone know if the VersionControl for Splunk App ( https://splunkbase.splunk.com/app/4355/#/details ) is any good? As long as I'm able to backup my Splunk conf files and KO's from Production, and restore these to my DR site in the event of a disaster/prolonged Production downtime, then I'm comfortable with leveraging this app as a DR strategy. I'm less concerned about version control since we'll only have 4 people managing our Splunk ES deployment and we won't have thousands of KO's to take care of here.

0 Karma

gjanders
SplunkTrust
SplunkTrust

The Splunk app for version control was built to allow a user-level restore of knowledge objects

If your goal is to restore a server in a DR environment you could consider a simpler approach such as "Git Version Control for Splunk"

If you want anyone to be able to restore a single knowledge object than the Splunk app for version control is a better choice...the git version control for Splunk would likely involve restoring config files to the filesystem and a restart...

Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Request for Professional Development: Attending .conf26

Winning Over the Boss: Your Pass to .conf26 conf26 is going to be here before you know it. If don't already ...

Casting Call: Compete in Cyber Games

Lights, Camera, SecOps: Apply to Compete in Cyber Games     Think you have what it takes to beat the clock? ...