Splunk Enterprise Security

Disaster Recovery for ES SH cluster Enviornment

Loves-to-Learn Everything

what is the solution for DR where ES app is in Sh cluster?

0 Karma

Super Champion

Hi @vinayakwagh,

I'm guessing you already know the difference between DR and HA for asking this question.

If you are looking for a DR solution for ES and you're already in stand-alone mode, then a backup of Splunk configuration including ES apps, ad-ons and the kv-store are enough. No need to setup a SH-Cluster, it will only complicate things.

If you're actually looking for HA, then SH clustering could be the solution for you, have a look here for the list of benefits of an SH-cluster:


0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!