Splunk backup and restore procedure

VK18 · ‎10-16-2023

Dear Team,

We are planning to upgrade our existing underlying OS/VM infrastructure. As part of this process, we need to ensure the backup and restoration of our Splunk environment in case any issues arise.

Below, you can find the details of our environment:

Search Head Cluster (SHC)
A standalone Splunk Security SH.
Indexer cluster
All other management servers(DS/CM/deployer/LM)
Heavy Forwarders/Universal Forwarders (UFs)

In addition to backing up $SPLUNK_HOME/etc and $SPLUNK_HOME/var, as well as the kvstore, are there any other components or data that we need to back up to ensure a successful restoration process?

somesoni2 · ‎10-16-2023

You'll want to backup your index data as well. https://docs.splunk.com/Documentation/Splunk/9.1.1/Indexer/Backupindexeddata

Splunk backup and restore procedure

administration

upgrade

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation

Splunk backup and restore procedure

administration

upgrade

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future