Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Hi I need to do a 100% backup of the full SPLUNK directory and all its contents.

robertlynch2020
Motivator
‎06-23-2016 04:06 AM

Hi I need to do a 100% backup of the full SPLUNK directory and all its contents.
We have a tool in the company that does this, however when i tired to test this SPLUNK started up the index were empty.
Then i read on the SPLUNK Web about Back-up Steps, however i was hoping for a way that i could take the full directory and not to run different steps etc...

At the moment the workaround is to STOP splunk do the back up and then start SPLUNK. However this is not great.

Is there anyway to do a HOT backup (from the file system) when SPLUNK is still up and copy something that will come back to life (If i miss 1 hours of data its not the end of the world for us)

Any help would be great 🙂

Tags (1)
0 Karma
Reply

adonio
Ultra Champion
‎05-24-2017 06:05 AM

hope you found an answer already, just in case you did not and to answer the question here:
the challenge here is that hot buckets are open for writes and constantly change as data is written to.
you can specify your backup to ignore those. so you will copy / backup. check this link regarding buckets naming conventions:
http://docs.splunk.com/Documentation/Splunk/6.6.0/Indexer/HowSplunkstoresindexes#Bucket_naming_conve...
if your indexers are not clustered, you will backup buckets that are not: hot_<N>_guid
to get the best latest backup, you can restart splunk before the backup, this will roll all hot buckets to warm and seal them so they cant be written to.
as you mentioned, if you miss 1 hour of data in the backup its not the end of the world
hope it helps

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...