Splunk Search

Splunk management server backup and restore

suryaaruna
New Member

Hello Splunkers.... I am trying to upgrade our management server from 6.6.2 to 7.3.2. I am taking a backup of the /opt/splunk/etc folder. I have a few questions for you experts.

1) Is it sufficient if I take the /etc backup for this upgrade? This instance is used only as a management server for a small instance and has no other role.
2) In case of upgrade failure, is the procedure to roll back to restore the /etc backup and start Splunk?

Request your suggestions and guidance on this.

Thanks,

0 Karma

gcusello
SplunkTrust

Hi @suryaaruna,
I don't understand what you mean by "management server": Deployment Server, Monitoring Console, Master Node or something else?

Anyway, except for Indexers, you can take two approaches to backing up Splunk instances:

  • back up the whole $SPLUNK_HOME folder,
  • back up only the $SPLUNK_HOME/etc folder.

In the first case, you can restore the backed-up folder, restart Splunk and you'll have your Splunk instance up and running again.

In the second case (obviously it requires less backup space), you have to reinstall Splunk using the same version that was backed up, then restore the backed-up etc folder and then restart Splunk.

In other words: if you back up the whole folder, it's ready to restart; if you back up only the configuration files, you must first reinstall Splunk and then restore the configuration files.

Ciao.
Giuseppe

0 Karma
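The etc-only approach from the answer above, as an added example that is not part of the original thread: the backup records the Splunk version, and the restore refuses to run until the same version is installed again. The function names are hypothetical, and the script assumes `etc/splunk.version` contains a `VERSION=x.y.z` line and that Splunk is stopped while it runs.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Splunk is stopped.

# Print the VERSION= value from a splunk.version file
# (assumption: the file has a line of the form VERSION=x.y.z).
splunk_version() {
    sed -n 's/^VERSION=//p' "$1" | head -n 1
}

# backup_etc SPLUNK_HOME OUT_DIR
# Archives SPLUNK_HOME/etc, names the archive after the version,
# and prints the archive path.
backup_etc() {
    home=$1; out=$2
    ver=$(splunk_version "$home/etc/splunk.version")
    [ -n "$ver" ] || { echo "cannot read version under $home/etc" >&2; return 1; }
    archive="$out/splunk-etc-$ver.tar.gz"
    mkdir -p "$out" &&
    # etc holds credentials and key material (for example etc/auth),
    # so create the archive readable by the owner only.
    ( umask 077 && tar -C "$home" -czf "$archive" etc ) &&
    echo "$archive"
}

# restore_etc ARCHIVE SPLUNK_HOME
# Restores etc only when the installed version equals the version
# stored in the archive; returns 2 on a mismatch.
restore_etc() {
    archive=$1; home=$2
    installed=$(splunk_version "$home/etc/splunk.version")
    saved=$(tar -xzOf "$archive" etc/splunk.version |
            sed -n 's/^VERSION=//p' | head -n 1)
    if [ "$installed" != "$saved" ]; then
        echo "installed: $installed, backup: $saved; reinstall $saved first" >&2
        return 2
    fi
    tar -C "$home" -xzf "$archive"
}
```

After a failed upgrade the installed version no longer matches the archive, so `restore_etc` returns 2 until the backed-up version is reinstalled.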

suryaaruna
New Member

Thanks Gcusello,

I meant Monitoring Console. This Monitoring Console is of an older version and has nothing in it for now, so I will proceed with the /etc/ backup and then with the upgrade activity.

Thanks again,
Aruna.

0 Karma

gcusello
SplunkTrust

Hi @suryaaruna,
you're welcome!
If this answer solves your problem, please accept and/or upvote it for the other people of the Community.
Ciao and see you next time.
Giuseppe

0 Karma