Splunk® SOAR (On-premises)

Administer Splunk SOAR (On-premises)

The classic playbook editor will be deprecated soon. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:

Manage warm standby features and options

Use the phenv python /<PHANTOM_HOME>/bin/setup_warm_standby.pyc script to manage warm standby.

If you make any changes to warm standby using different flags, warm standby must be deactivated and then reconfigured on both the primary instance and the standby instance for the changes to take effect.

Warm standby script arguments

Argument Description
-h, --help Show this help message and exit.
--primary-mode Run the instance as the primary in the warm standby pairing.
--standby-mode Run the instance as the warm standby in the warm standby pairing.
--version Show the program's version number and exit.
--status Show the status of the current instance.
--configure Configure warm standby. Additional arguments are required.
--off Turn warm standby off on the current instance based on which mode the instance is in.
--convert-to-primary Convert a standby to primary valid only in case of --standby-mode
--primary-ip <PRIMARY_IP> IP address of the primary.
--standby-ip <STANDBY_IP> IP address of the warm standby.
-d, --ignore-database Ignore the PostgreSQL database. Ignores the Postgres database during setup. Only backs up system files.
-t, --ignore-vault Ignore vault. Ignores the vault from setup. Only backs up various contents from /<PHANTOM_HOME>/.

--recovery-database-location <RECOVERY_DATABASE_LOCATION>

When setting up the standby, copy the original database to this location for recovery in the event of a script failure.

As a best practice, ensure that you have two to three times the amount of free disk space that is currently used by the database before running the setup as this command creates a backup of the data. If the required disk space is not available for the backup, this operation fails.

--primary-phantom-version <PRIMARY_PHANTOM_VERSION> Version of the primary instance. Only valid for --standby-mode. If passed, validates against the current version.
-r <REMOTE_USER>, --remote-user <REMOTE_USER> The username of the remote user.
-x, --relax_verification Relax user verification requirements for non-root installations. Setting this option is not recommended.
-p <SSH_PORT>, --ssh-port <SSH_PORT> Port used to be used by all SSH commands.
--no-modify-ciphers Don't overwrite ssl_cipher in PostgreSQL configurations.
-u, --ignore-package-updates Skip updating packages. Skips re-installing rpm and pip packages.
--no-cron-install Set but don't install the warm standby crontab.
--recreate-local-db Purge current database and generate a blank instance when turning off your standby instance.

This will delete all of your data on the standby.

-w <WAL_KEEP_SEGMENTS>, --wal-keep-segments <WAL_KEEP_SEGMENTS> The number of wal segments retained on the primary instance. Increase the wal segments to allow greater network latency between the primary instance and standby instance. Increasing wal segments will take up additional disk space in your DB directory, specifically 16 MB per segment.
--replicator-password <REPLICATOR_PASSWORD> Password for the postgres replicator role. It can also be provided via the "PHANTOM_WARM_STANBY_REPLICATOR_PASSWORD" environment variable.
--ssh-password <SSH_PASSWORD> Password for the remote user. Can also be provided via the "PHANTOM_WARM_STANDBY_SSH_PASSWORD" environment variable.

SSL certificate information

The following arguments are options for the data required to generate an SSL certificate while configuring warm standby.

Argument Description
--ssl-country <SSL_COUNTRY> Value for a SSL certificate with the country code subject line.
--ssl-state <SSL_STATE> Value for a SSL certificate with the state code subject line.
--ssl-city <SSL_CITY> Value for a SSL certificate with the city subject line.
--ssl-org <SSL_ORG> Value for a SSL certificate with the organization subject line.
--ssl-unit <SSL_UNIT> Value for a SSL certificate with the organization unit subject line.
--ssl-domain <SSL_DOMAIN> Value for a SSL certificate with the domain subject line.
--ssl-email <SSL_EMAIL> Value for a SSL certificate with the email subject line.

Warm standby API

The API /rest/warm_standby_check can be used to determine if a instance is the standby in a warm standby pair. See REST Warm standby.

The API returns the same 500 result if used on either a warm standby or a cluster node. Clusters cannot use the warm standby feature.

Last modified on 30 November, 2023
Upgrade or maintain warm standby instances   Add and configure apps and assets to provide actions in

This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.5.0, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters