Splunk® Phantom (Legacy)

Administer Splunk Phantom

Splunk Phantom 4.10.7 is the final release of Splunk's Security Orchestration, Automation, and Response (SOAR) system to be called Splunk Phantom. All later versions are named Splunk SOAR (On-premises). For more information, see the Splunk SOAR (On-premises) documentation.

Disable warm standby

Warm standby must be disabled in order to:

  • perform systems maintenance
  • set up a backup or perform a restore
  • upgrade

After you disable warm standby, you must reconfigure it from the beginning to use it again.

Disable warm standby procedure

Do these steps as either the root user or a user with sudo permissions.

On the primary

  1. Turn off warm standby.
    phenv python /<PHANTOM_HOME>/bin/setup_warm_standby.pyc --primary-mode --off

On the warm standby

  1. Turn off warm standby.
    phenv python /<PHANTOM_HOME>/bin/setup_warm_standby.pyc --standby-mode --off
  2. Stop all services.
    /<PHANTOM_HOME>/bin/stop_phantom.sh

Warm standby is now disabled, and its cron jobs are removed so that the rsync jobs no longer run.
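A post-check for the cron job removal described above, as an added example that is not part of the Splunk documentation or tooling: the function lists any cron entries that still mention rsync. It assumes user-crontab format and that you pipe in `crontab -l` output for each account that might hold the jobs (which account that is, is an assumption); the sample crontab is constructed.

```shell
#!/bin/sh
# Added example: report cron entries that still invoke rsync.
# Input : crontab text on stdin (user-crontab format, no user column).
# Output: one line per remaining entry, "schedule<TAB>command".
# Status: 0 if no rsync entry remains, 1 if at least one is still present.
remaining_rsync_jobs() {
    awk '
        /^[ \t]*#/ { next }                               # comment lines
        /^[ \t]*$/ { next }                               # blank lines
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }   # VAR=value lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # "@daily cmd" has one schedule field, otherwise there are five
            if (line ~ /^@/) { nf = 1 } else { nf = 5 }
            n = split(line, f, /[ \t]+/)
            if (n <= nf) next                             # no command part
            sched = f[1]
            for (i = 2; i <= nf; i++) sched = sched " " f[i]
            cmd = f[nf + 1]
            for (i = nf + 2; i <= n; i++) cmd = cmd " " f[i]
            # Loose substring match so wrapper scripts named after rsync count
            if (index(cmd, "rsync") > 0) {
                printf "%s\t%s\n", sched, cmd
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample crontab (not real Phantom output).
SAMPLE_CRONTAB='# constructed sample
MAILTO=root
*/5 * * * * /usr/bin/rsync -a /constructed/src/ standby.example:/constructed/dst/
@daily /usr/local/bin/rotate-logs.sh
0 2 * * * /usr/local/bin/backup.sh --full
'

# Demo on the sample; on a real host use: crontab -l | remaining_rsync_jobs
printf '%s' "$SAMPLE_CRONTAB" | remaining_rsync_jobs \
    || echo "rsync cron entries still present"
```

A non-zero status after disabling warm standby means a replication job is still scheduled and should be investigated before maintenance or a restore.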

Last modified on 08 September, 2021

This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7

