Has anyone come up with a solid solution for backing up Splunk for disaster recovery purposes? I've read a lot about what files we need to pull, and we've made some decisions based on utility (e.g. deployed splunkbase and custom apps will be version controlled through a local GitHub) but we're coming up empty on a decent paid or open-source backup management solution.
Currently 6 indexers in a cluster with more spinning up soon, and a replication factor of 2. I've already received advice from Splunk PS re: what should and shouldn't be backed up.
We looked into Zmanda for a commercial solution, but found it difficult to purchase through existing procurement, The OSS version - Amanda - has proven to be quite difficult to configure thanks to lackluster documentation.
We've got some budget to get software if needed, and already have a server with sufficient disk storage. Just trying to find the glue to get it up and running. Thanks!
Have you read the following articles?