Forums: SplunkAdministration: Sync splunk db with rsync

Hi all,

We have two sites, NBB4 and NBB2. We would like to install two Splunk instances, one in each site. The Splunk server located in NBB2 will be the active Splunk and will receive all Syslog from appliances located in NBB2 and NBB4. The Splunk server located in NBB4 will be passive.

In case of a problem with Splunk in NBB2, we will rename the hostname, change the IP address and start Splunk on NBB4, which will become the active server.

My question is: is it possible to use rsync to copy the Splunk db from server NBB2 to server NBB4?
Or is it better to use the forwarding feature of Splunk and work in an active/active configuration?

But if I use an active/active configuration and the enterprise version, do I have to pay for two licences?

Thanks.
Regards,
Pierre.

You can use either method. You should contact sales about licensing questions, though I believe that as long as the second instance in both cases is a backup/failover server, it will be treated the same regardless.