Monitoring Splunk

Splunk Cloud backup and recovery

Scottk1
Loves-to-Learn Lots

Client is asking about Splunk Cloud backup and recovery procedure for DR. Specifically all the configuration, searched, dashboards, fields, tag so on and so on. I can not find a document outlining Splunk cloud polices for high availability, backup and restore can anyone point to this info?  

 

Client ask - 

"Could you please check and let me know how and where following items are backed up and what is the process to recover them for DR purpose?

    • Audit logs
    • Usecases
    • Reports, alerts, lookup tables, KV etc
    • Config data
    • Source type config
    • Parsing
    • API, TI
    • Fields config
    • Data model, macros
    • Apps and app config
    • ES config
    • Threat intel config"
Labels (1)
0 Karma

quinneyc
Explorer

Ensures Splunk Cloud Platform uptime and security

Splunk continuously monitors the status of your Splunk Cloud Platform environment to help ensure uptime and availability. See the Monitoring section. We look at various health and performance variables such as the ability to log in, ingest data, access Splunk Web and perform searches. Splunk maintains the following:

  • A rolling 30-day history of health and utilization data to help ensure uptime and assist troubleshooting of your Splunk Cloud Platform.
  • A rolling 7-day daily backup of your ingested data and configuration files to ensure data durability. Note that the backups are accessible only by Splunk and at their discretion to leverage as situation dictates.
  • The encryption keys when you purchase an encryption at rest subscription. See the Data retention section in Storage.

See also the information in the Users and Authentication section regarding the Splunk Admin and system user roles, and the certification of Splunk Cloud Platform by independent third-party auditors to meet SOC2 Type II and ISO 27001 security standards.

LINK TO FULL DOC: https://docs.splunk.com/Documentation/SplunkCloud/latest/Service/SplunkCloudservice

0 Karma

gcusello
SplunkTrust
SplunkTrust
0 Karma
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...