Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Process to copy index from one Windows Server to another

mship
Path Finder
‎03-04-2013 05:58 AM

I am running Splunk 5.0.1, am in a Windows workgroup enviornment, and have 2 Windows 2008R2 servers as indexers for redundancy (indexerA and B). What I am looking to do is to establish a process to, should one server go down, restore the index from the second server. Let's say indexer B goes down for a week and I am ready to bring it back up online this is the process that I would execute...

Indexer A - roll the hot dbs to warm by running the folling command:

  • $SPLUNK_HOME\Splunk _internal cal /data/indexes/main/roll-hot-buckets -auth admin:
  • disable splunkd on indexerA
  • log onto indexer B and map network drive to on indexer A
  • copy defaultdb from indexer A to indexer B
  • restart splunk on both instances and both indexes should now have the same exact data

Does this sound correct?

Tags (1)
0 Karma
Reply

mship
Path Finder
‎03-04-2013 11:30 AM

Ammend the above process to...

On indexer B create \defaultdb
log onto indexer A and map network drive to on indexer b
copy contents of defaultdb from indexer A to indexer B

0 Karma
Reply

lpolo
Motivator
‎03-04-2013 06:35 AM

You could create a cluster as documented in:

http://docs.splunk.com/Documentation/Splunk/5.0.2/Indexer/Aboutclusters

Clusters are groups of Splunk indexers configured to replicate each others' data, so that the system keeps multiple copies of all data. This process is known as index replication. By maintaining multiple, identical copies of Splunk data, clusters prevent data loss while promoting data availability for searching.........

Lp

0 Karma
Reply

mship
Path Finder
‎03-04-2013 11:27 AM

Thanks for your assistance lpolo but unfortunatley schedule does not allow me the time to implement clustering. I will definitley keep your advice in my pocket as a possible upgrade in the future.

0 Karma
Reply

lpolo
Motivator
‎03-04-2013 06:53 AM

The number of servers is determine by the replication factor.
For example, if you want to ensure that your system can handle the failure of two peer nodes, you must configure a replication factor of 3, which means that the cluster stores three identical copies of your data on separate nodes. If two peers go down, the data is still available on a third peer.

0 Karma
Reply

mship
Path Finder
‎03-04-2013 06:45 AM

But if I am not mistaken you need at lease 4 or 5 servers for a cluster...I only have 2.

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...