Splunk management server backup and restore

suryaaruna
New Member

Hello Splunkers... I am trying to upgrade our management server from 6.6.2 to 7.3.2. I am taking a backup of the /opt/splunk/etc folder. I have a few questions for you experts.

1) Is it sufficient if I take an /etc backup for this upgrade? This instance is used only as a management server for a small instance, and there is no other role for this server.
2) In case of upgrade failure, is the rollback procedure to restore the /etc backup and start Splunk?

Request your suggestions and guidance on this.

Thanks,

0 Karma

gcusello
SplunkTrust

Hi @suryaaruna,
I don't understand what you mean by "management server": Deployment Server, Monitoring Console, Master Node or something else?

Anyway, except for Indexers, you can take two approaches to backing up Splunk instances:

  • back up the whole $SPLUNK_HOME folder,
  • back up only the $SPLUNK_HOME/etc folder.

In the first case, you can restore the backed-up folder, restart Splunk and you'll have your Splunk instance up and running again.

In the second case (obviously it requires less backup space), you have to reinstall Splunk using the same version that was backed up, then restore the backed-up etc folder and then restart Splunk.

In other words: if you back up the whole folder, it's ready to restart; if you back up only the configuration files, you must first reinstall Splunk and then restore the configuration files.

Ciao.
Giuseppe

0 Karma
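The etc-only approach from the answer above, as an added example that is not part of the original posts: it archives `$SPLUNK_HOME/etc` with a checksum and refuses to restore onto an install whose version differs from the one that was backed up. The function names are hypothetical, and the sketch assumes GNU tar, `sha256sum`, and a `VERSION=` line in `etc/splunk.version`.

```shell
#!/bin/sh
# Added example: etc-only backup with a same-version check at restore time.
# Function names and the directory arguments are assumptions of this sketch.

# Print the VERSION= value from an etc/splunk.version file.
splunk_version() {
    sed -n 's/^VERSION=//p' "$1" | head -n 1
}

# backup_etc SPLUNK_HOME DEST_DIR -> prints the path of the created archive
backup_etc() {
    home=$1; dest=$2
    ver=$(splunk_version "$home/etc/splunk.version")
    [ -n "$ver" ] || { echo "cannot read version under $home" >&2; return 1; }
    archive="$dest/splunk-etc-$ver.tar.gz"
    tar -czf "$archive" -C "$home" etc || return 1
    # Record a checksum so a damaged archive is caught before a rollback.
    ( cd "$dest" && sha256sum "$(basename "$archive")" \
        > "$(basename "$archive").sha256" ) || return 1
    echo "$archive"
}

# restore_etc ARCHIVE SPLUNK_HOME
# returns 2 on checksum failure, 3 on version mismatch, 0 after restoring
restore_etc() {
    archive=$1; home=$2
    ( cd "$(dirname "$archive")" \
        && sha256sum -c "$(basename "$archive").sha256" >/dev/null 2>&1 ) \
        || { echo "checksum mismatch for $archive" >&2; return 2; }
    # Read the version stored inside the backup without unpacking it.
    saved=$(tar -xzOf "$archive" etc/splunk.version \
        | sed -n 's/^VERSION=//p' | head -n 1)
    installed=$(splunk_version "$home/etc/splunk.version")
    if [ "$saved" != "$installed" ]; then
        echo "backup is $saved, installed is $installed:" \
             "reinstall $saved before restoring etc" >&2
        return 3
    fi
    tar -xzf "$archive" -C "$home"
}
```

For the upgrade in the question, this means `restore_etc` will not unpack a 6.6.2 backup over a 7.3.2 install until 6.6.2 has been reinstalled.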

suryaaruna
New Member

Thanks Gcusello,

I meant Monitoring Console. This monitoring console is an older version and has nothing in it for now, so I will proceed with the /etc/ backup and with the upgrade activity.

Thanks again,
Aruna.

0 Karma

gcusello
SplunkTrust

Hi @suryaaruna,
You're welcome!
If this answer solves your problem, please accept and/or upvote it for the other people of the Community.
Ciao and until next time.
Giuseppe

0 Karma