Restoring a Disaster Recovery Backup for a Splunk Cluster

You can perform a disaster recovery from a backup of the indexer peer nodes that include Splunk clustered indexes.

Before You Begin

  • Configure a new cluster and install Splunk on all the nodes. The number of nodes in the destination cluster must be the same as in the source cluster.

  • Ensure that the installation path of Splunk on each node of the destination cluster is the same as in the source cluster.

  • Verify that your new environment meets the system requirements for Splunk. For more information, see Getting Started with Splunk.

  • Ensure that you have access to the latest file system backup of the $SPLUNK_HOME/etc directory from all the Splunk nodes.

Procedure

  1. Browse the file system backup content, copy the $SPLUNK_HOME/etc folder from the master node of the source cluster, and paste it in the corresponding location on the master node of the destination cluster.

  2. Copy the $SPLUNK_HOME/etc folder from each peer node of the source cluster to the corresponding peer node in the destination cluster. For example, Peer1 (source) to Peer1 (destination), Peer2 (source) to Peer2 (destination).

  3. On the master node of the destination cluster, navigate to the $SPLUNK_HOME/etc/system/local/server.conf file and replace the serverName under the [general] section with the name of the new master node.

    Note: If the serverName references the value $HOSTNAME, then you can ignore the above step.

  4. On each of the peer nodes, navigate to the $SPLUNK_HOME/etc/system/local/server.conf file and do the following:

    1. Modify the serverName under the [general] section with the name of the new peer node.

      Note: If the serverName references the value $HOSTNAME, then you can ignore the above step.

    2. Modify the master_uri under the [clustering] section based on the following conditions:

      1. If the new Splunk cluster version is earlier than 8.2.0, then replace the master_uri value with the URI of the new master node.

      2. If the new Splunk cluster version is 8.2.0 or later, then rename the master_uri parameter to manager_uri and replace the value with the URI of the new manager node.

  5. Start Splunk services on each node of the cluster.

  6. Configure one of the nodes as the license manager server and set the other nodes as licensed peers by pointing them to the license manager server. For more information, go to “Configure a license manager” and “Configure a license peer” on the Splunk website.

  7. Create a Splunk client on the CommServe server where the backup of the previous Splunk cluster is stored.

  8. Configure indexer peer nodes for the destination cluster. For more information, see Add Indexer Peer Nodes to the Splunk Cluster.

  9. Restore data from the source client to the destination (new) client by selecting the Restore to another Splunk instance option in the Restore dialog box. For more information on out-of-place restores for Splunk, see Restoring Splunk Data to a Different Location (Out of Place).
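
The server.conf edits in steps 3 and 4 can be scripted so that every restored node is changed the same way. The following is an added example, not part of the vendor procedure: the function names, host names, and sample file content are constructed for illustration, and the script also accepts a file that already uses manager_uri.

```python
import re

def version_tuple(version):
    """Turn '8.2' or '9.0.1' into a comparable 3-part tuple."""
    parts = [int(p) for p in version.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def rewrite_server_conf(text, new_name, splunk_version, new_uri=None):
    """Return server.conf text adjusted for the destination node.

    new_uri is passed only for peer nodes (step 4); leave it as None on the
    master node (step 3) so the [clustering] section is not touched.
    """
    use_manager = version_tuple(splunk_version) >= (8, 2, 0)
    section, out = None, []
    for line in text.splitlines():
        header = re.match(r"\s*\[([^\]]+)\]\s*$", line)
        setting = re.match(r"\s*([A-Za-z0-9_.\-]+)\s*=\s*(.*)$", line)
        if header:
            section = header.group(1)
        elif setting:
            key, value = setting.group(1), setting.group(2).strip()
            if section == "general" and key == "serverName":
                # Per the note: a $HOSTNAME reference needs no change.
                if "$HOSTNAME" not in value:
                    line = f"serverName = {new_name}"
            elif (section == "clustering" and new_uri
                  and key in ("master_uri", "manager_uri")):
                # 8.2.0 or later: parameter is manager_uri; earlier: master_uri.
                new_key = "manager_uri" if use_manager else "master_uri"
                line = f"{new_key} = {new_uri}"
        out.append(line)  # every other line is preserved as restored
    return "\n".join(out) + "\n"

# Constructed sample of a restored peer-node server.conf.
PEER_SAMPLE = """[general]
serverName = old-peer1
sessionTimeout = 1h

[clustering]
master_uri = https://old-master.example.com:8089
"""

if __name__ == "__main__":
    print(rewrite_server_conf(PEER_SAMPLE, "new-peer1", "9.0.1",
                              "https://new-manager.example.com:8089"))
```

Run it against a copy of the restored file and compare the result with the original before starting Splunk services in step 5.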