Splunk Cloud Platform

Recover from a Disaster with Cross-region Disaster Recovery (Early Access)

About Cross-Region Disaster Recovery on Splunk Cloud Platform

Cross-Region Disaster Recovery is in the Early Access release phase. In the Early Access release phase, Splunk products might have limitations on customer access, features, maturity, and regional availability. Additionally, its documentation might receive frequent updates, or be incomplete or incorrect. For additional information on Early Access, contact your Splunk representative.

Cross-Region Disaster Recovery is a service that lets you maintain the continuity of your production Splunk Cloud Platform environment in the event of a qualified disaster. It improves the availability of the environment by keeping a replica of the environment in a separate cloud service provider (CSP) region. When a disaster happens, you can use that replica in place of the regular environment.

When the service is active for your Splunk Cloud Platform environment, Splunk replicates information from your Splunk Cloud Platform environment to the backup environment. When a qualified regional disaster occurs, Splunk automatically moves, or fails over, the production environment to the backup environment in the secondary CSP region, where it continues to ingest data until the disaster passes and the CSP restores services in the primary region. At that time, Splunk Support works with you to move the environment back to the primary CSP region.

Splunk replicates the following objects from the primary CSP region to the secondary region for the purposes of cross-regional disaster recovery:

  • All ingested data through HTTP Event Collector, forwarders, and modular inputs
  • Knowledge objects such as dashboards and saved searches
  • Splunk configuration files
  • Baseline applications
  • Lookups
  • App key value store (KV store) collections
  • Summary indexes
  • User search history from single search heads (SH) and from the one of the search heads in a search head cluster (SHC)

System requirements for Cross-Region Disaster Recovery

Cross-Region Disaster Recovery is currently in Early Access. You must sign up and pay for the service to have it integrated into your Splunk Cloud Platform environment. Because it is in Early Access, some features might not be fully available or usable.

To use the service, you must satisfy the following requirements:

  • Splunk must determine that you are eligible to use this service. As the service is in Early Access, it is not available to all customers.
  • Your Splunk Cloud Platform environment must run version 9.1.2312 or higher.
  • Your Splunk Cloud Platform environment must use the Victoria experience. See Determine your Splunk Cloud Platform experience in the Splunk Cloud Admin Manual to determine what experience your Splunk Cloud Platform environment uses.
  • You must use Splunk Cloud Platform within specific service limits. See Service limits and constraints in the Splunk Cloud Platform Service Manual.
  • Your Splunk Cloud Platform environment must be hosted in the following primary CSP regions, and fail over to the following secondary CSP regions.
Primary CSP region Secondary CSP region
Amazon Web Services (AWS) US-East-1

Failures only out of this region.

AWS US-West-2

Recoveries only into this region.

Get started with Cross-Region Disaster Recovery

Last modified on 18 November, 2024
  Cross-Region Disaster Recovery service description

This documentation applies to the following versions of Splunk Cloud Platform: 9.2.2403, 9.2.2406 (latest FedRAMP release), 9.3.2408


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters