×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
khkl11
New Member
Member since: a month ago
a month ago
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎01-05-2026
Activity Feed
Topics I've Started
View All

Designing an Air-Gapped DR Architecture

by in Splunk Enterprise
a month ago
a month ago
Hello everyone, I currently have a Splunk Production environment ingesting 2 TB/day. I am planning to build a Disaster Recovery (DRC) site with an ingestion capacity of approximately 100 GB/day, but we have several strict constraints that we need to work around: Network Isolation: There is no direct network communication between the Production and DRC environments, and opening network ports is not an option. Searchability: We want to be able to search Production logs from the DRC site. If manual log transfer is required, we can automate the file movement through an intermediate staging process. Availability: Even if the Production environment is completely down, we need the ability to perform searches on the DRC side. We are okay with "slow" search performance in this scenario. Resource Constraints: It is not possible to scale the DRC hardware/infrastructure to match the size of the Production environment. I am aware that this setup might not align with standard "best practices," but I am wondering if such a configuration is feasible but i would love to hear your ideas or alternative suggestions. Please let me know if you need any further information. Thank you in advance for your help! ... View more
Contact Me
Online Status
Offline
Date Last Visited
a month ago