Are there any automated scripts to back up the kvstore on each Splunk server as part of a basic back? How often should I backup the Kvstores?
Also what do I need to backup in Splunk Enterprise Security please.
Hi
We are using this https://splunkbase.splunk.com/app/5328/. Of course you can use that splunk backup kvstore from command line, but then you must add user + password somewhere in plain text, which is something that I don't like.
How often you should run this? That depends on how active your kvstore is and how long RPO is.
r. Ismo
Sir, which servers do have KVstores that are worth backing up using this tool & how often do I back the KVstores on the Splunk servers? Thank u in advance.
This isn't really a question that anyone can answer for you. This is basically something that you need to answer yourself. I'd base the frequency based on how much data in the kvstore(s) you can lose in the instance of a failure, as well as the storage that you're willing to use for backups.
Thank u for your message. I know KVstores are specific for Ent. Security app. but are there other KVstores on other Splunk servers worth backing up ? Which ones please. Thank u sir.