How do I backup the Splunk Enterprise Security app...

SamHTexas · ‎05-08-2021

How do I backup the Splunk Enterprise Security app. What components needs to be backed up and how often? I have already documented a short plan to backup the Splunk Enterprise.

lkutch_splunk · ‎05-11-2021

Is it in a search head cluster environment?

https://docs.splunk.com/Documentation/ES/6.5.1/Install/InstallEnterpriseSecuritySHC#Back_up_and_rest...

https://docs.splunk.com/Documentation/ES/6.5.1/Install/InstallEnterpriseSecuritySHC#Restore_incident...

Also though, backing up theKV store is part of Enterprise:

https://docs.splunk.com/Documentation/Splunk/8.1.3/Admin/BackupKVstore
but should be done prior to upgrading ES:
https://docs.splunk.com/Documentation/ES/6.5.1/Install/Upgradetonewerversion

How do I backup the Splunk Enterprise Security app. What components needs to be backed up and how often?

using Enterprise Security

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?