Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Need your expert advice about Splunk Ent. & Enterprise Security (ES) Backups + Disaster Recover + HA advice please.

SamHTexas
Builder
‎07-02-2021 08:05 AM

Need your expert advice about Splunk Ent. & Enterprise Security (ES) Backups + Disaster Recover + HA advice please. Any steps to succeed in this project specially in AWS environment is appreciated. Thank u in advance

Labels (1)
Labels
Tags (1)
0 Karma
Reply

lkutch_splunk
Splunk Employee
Splunk Employee
‎07-02-2021 09:32 AM

Not specific to an AWS environment, but some things to think about for ES:

https://docs.splunk.com/Documentation/ES/6.5.1/Install/InstallEnterpriseSecuritySHC#Back_up_and_rest...

https://docs.splunk.com/Documentation/ES/6.5.1/Install/InstallEnterpriseSecuritySHC#Restore_incident...

 

Let me know if that helps. 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-02-2021 09:00 AM

You didn't give us much to work with.  Everyone has different DR/HA needs and we don't know yours so we can offer only general answers.

Search head and indexer clustering help, especially if they're multi-site.  Have standby instances of the management servers ready.

See https://lantern.splunk.com/Splunk_Success_Framework/Platform_Managment/Managing_backup_and_restore_p... for basic information and links to other helpful sites.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

SamHTexas
Builder
‎07-06-2021 06:03 AM

Thank u for your message. Hoping you had a safe & nice 4th of July. We have Clustering on the Indexers & SHs, in addition to a LM, Deployment server. Am working / documenting backing up the .conf files. What other critical steps would you recommend for Splunk Ent. & ES? I have done BU/DR for Windows environment for a long time. I want to make sure I am covered when Splunk servers go down say about 2 AM on a Saturday or so. I sure appreciate your expert advices as always.

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...