Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk management server backup and restore

suryaaruna
New Member
‎01-20-2020 06:58 AM

Hello Splunkers.... I am trying to upgrade our management server from 6.6.2 to 7.3.2. I am taking backup of /opt/splunk/etc folder. I have few questions for you experts.

1) is it sufficient if i take /etc backup for this upgrade. this instance is used only as management server for a small instance and no other role for this server.
2) in case of upgrade failure, procedure to rollback is to restore the /etc backup and start splunk?

Request your suggestions and guidance on this.

Thanks,

Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-20-2020 07:16 AM

Hi @suryaaruna,
I don't understand what do you mean with "management server": Deployment Server, Monitoring Console, Master Node ot what else?

Anyway, except Indexers, you can have two approach in backup Splunk instances:

  • backup all the $SPLUNK_HOME folder,
  • backup only the $SPLUNK_HOME/etc folder.

In the first case, you can restore the backupped folder, restart Splunk and you'll newly have your Splunk instance up and running.

In the second case, (obviously it requires less space in backup) you have to reinstall Splunk using the same backupped version, then restore the backupped etc folder and then restart Splunk.

In other word: if you backup all the forder, it's ready to restart, if you nackup only configuration files, you must before reinstall Splunk and then restore the configuration files.

Ciao.
Giuseppe

0 Karma
Reply

suryaaruna
New Member
‎01-21-2020 07:55 PM

Thanks Gcusello,

I meant Monitoring console. This monitoring console is of older version and have nothing in it for now. so will proceed with /etc/ backup and proceed with the upgrading activity.

Thanks again,
Aruna.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-21-2020 11:37 PM

Hi @suryaaruna,
you're welcome!
if this answer solves your problem, please accept and/or upvote it for the other people of Community.
Ciao and next time.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...