Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Move Index Files from one system to another

brianokelly
Explorer
‎09-27-2011 11:56 PM

We are planning to roll out an active/active solution in two data centers. Each DC splunk instance will only handle local logs. We are looking to put a plan in place should a failure of one site occur.

  1. What is the best mechanism/tools to handle this situation.
  2. What should be planned for e.g. use different index names in each site e.g. main_site1 and main_site2? Both sites will handle similar logs and peer to each other for searches.
Tags (2)
0 Karma
Reply

Lowell
Super Champion
‎09-28-2011 07:07 AM

I'd suggest that you also checkout this question and answer:

http://splunk-base.splunk.com/answers/7479/what-is-the-best-way-to-retrieve-data-from-a-remote-site-...

There's a comment about the isReadOnly setting in indexes.conf which you may want to look into as well. The idea is to prevent accidental writing to a replicated index. It's possible that read-only file permissions may also be a good idea in this case. (BTW, I assuming that you aren't going to try to let both sites index data into both each others directories, because that will not work.)

It may be a good idea to work though a plan with splunk support for your specific setup.

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎09-28-2011 04:37 AM

Hi brainokelly

about moving an index find the docs here.

If you plan to move one site to another in case of a failure, then I would do as you wrote in question 2. Call them main_site1 and main_site2. This way you are able to move the index back to its original site and even keep the data collected while it was on the failure site.

hope you can follow me 🙂

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...