Snapshot backup method - How this method will help in taking backup of a hot bucket ?
please explain.
We use Linux LVM snapshots on our Splunk bucket filesystems. We take a snapshot of the filesystem, mount it on a temporary path, and back up from the temporary path.
While we've never had to do a restore/recovery, this works very well for us.
If you refer to (say)VMware or Virtual Box snapshots, this method can work - we use it as points of stability backups, but for the whole virtual machine, not selectively. This one bring in the hot bucket as in our case it is on the same box and maintains consistency. Be aware though that you may be exposed to loss of (forwarded log) data if using UDP which is quite a common method.
If in doubt or to allow for specifics in your environment then replicate it to a test platform.
Br
D
This reference source may be useful if you haven't seen it before. It also confirms snapshots on hot buckets - and provides links concerning recovery, clusters etc.
http://docs.splunk.com/Documentation/Splunk/5.0.1/Indexer/Backupindexeddata