Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create a secondary backup server for Splunk app for DB connect App ?

tarunmalhotra79
Engager
‎08-18-2020 08:03 AM

Hi Team,

There was a recent failure on one of our host where we have hosted Splunk App for DB Connect.Resultant we have lost data for almost 5,6 hours.

I wanted to create a secondary backup server, if something goes wrong with our present server, Ideally it should start working on the secondary server.

Also, i have realized that decrypting the passwords and entering it with script are not working, last time i tried I had to put it manually all the passwords.

Could anyone please guide me or gives me the direction how can i achieve that ?

Regards,

Labels (1)
Labels
0 Karma
Reply

thambisetty
SplunkTrust
SplunkTrust
‎08-18-2020 11:21 AM

Complete failover automation is impossible.

but you can have workaround.

Splunk manual start is required on secondary Splunk instance where Splunk_app_dbconnect will be idle.

1. open firewall rules from secondary instance  to all destinations from which you are collecting records from active instance.
2. Configure all inputs on secondary instance

3. don’t start splunk service

4. rsync db checkpoints available at $SPLUNK_HOME/var/lib/splunk/modinputs/splunk_app_dbconnect/* for every one minute from active to secondary instance

5. Configure to get an alert if  primary Instance Splunkd service is down.

6. You can have simple alert action which will be called by the alert.

you have to test this before taking decisions.

this is my idea only. Not tested really.

————————————
If this helps, give a like below.
Reply

thambisetty
SplunkTrust
SplunkTrust
‎08-19-2020 07:55 AM

I ran into same situation today. I followed same steps given in the previous answer and they worked as expected.

————————————
If this helps, give a like below.
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-18-2020 10:37 AM
Splunk doesn't have a high-availability solution for apps.
You can stand up a warm standby Splunk instance with DB Connect installed on it and use rsync (or a similar utility) to copy data from the primary to the standby. I don't know the exact files you'd have to synchronize.
The takeover process would be manual or automated outside of Splunk. Likewise, when the original server comes back on-line you will have to take steps to ensure only one instance performs inputs or you'll risk duplicate data.
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Thanks for the Memories! Splunk University, .conf25, and our Community

Thank you to everyone in the Splunk Community who joined us for .conf25, which kicked off with our iconic ...