Splunk SOAR (f.k.a. Phantom)

Is it impossible to use Phantom's ibackup on a warm standby server?


I've configured a pair of Phantom servers to use warm standby. As per the documentation, I ran ibackup.pyc --setup after setting up warm standby, then ibackup.pyc --backup and it works fine.

If I try to run the --backup command on the warm standby I get errors:



[23/Jul/2020 01:40:00] ERROR: ERROR [057]: : recovery is in progress
HINT: pg_walfile_name() cannot be executed during recovery.:



Presumably this is due to the way warm standby works, but the documentation is unclear.

Is this expected behaviour, and is the only option to accept that the standby server backups will fail until a failover occurs i.e. the standby becomes the primary?

Labels (3)
0 Karma


@gf13579 I recently saw this at a customer and got the same thing. I guess it makes sense that as the DB is constantly being streamed to the STBY i makes sense that a backup might be hard/impossible. 
For the customer I implemented the same cron job on both servers and monitored the backup logs. We tested in a DR scenario and the backup was successfully created when the STBY was made PRI.

Whenever you find a Splunk document that is not clear, be sure to submit Feedback at the bottom of the page. Splunk is very good about updating docs in response to user feedback.
If this reply helps you, Karma would be appreciated.


I do this!

I got a mistake on this page (build_phantom_rest_url vs. _construct_rest_url) fixed by the technical writers earlier this week: https://docs.splunk.com/Documentation/Phantom/4.9/Playbook/VPECustomFunctionBlock.

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...