Splunk® User Behavior Analytics

Administer Splunk User Behavior Analytics

This documentation does not apply to the most recent version of Splunk® User Behavior Analytics. For documentation on the most recent version, go to the latest release.

Prepare to backup Splunk UBA

Read and verify important information before backing up Splunk UBA.

Splunk UBA backups can be restored in the following scenarios:

| Backup Method | Description and Use Case |
| --- | --- |
| Backup and restore Splunk UBA using automated incremental backups | Configure periodic full and incremental backups without stopping Splunk UBA. Use this when you want to back up and restore Splunk UBA to the same operating system and same number of nodes. |
| Backup and restore Splunk UBA using the backup and restore scripts | Run a script to stop Splunk UBA and perform a full backup. Use this when you want to back up and restore Splunk UBA to the same operating system and different number of nodes. |

Backup disk size requirements

Review and verify the disk space requirements for the backup disk in Disk space and memory requirements for Splunk UBA in Install and Upgrade Splunk User Behavior Analytics.

Scheduling Splunk UBA backups

Perform or schedule backups of Splunk UBA at 10:00 PM local time to avoid conflicts with the offline models, which begin running at midnight each night.

How long will my backup take?

The amount of time it takes to perform a backup depends on a number of factors, such as:

  • The size of your environment
  • The age of your environment
  • Network bandwidth
  • Storage throughput
  • Splunk UBA on cloud deployments may be subject to performance restrictions that will significantly increase the backup/restore time
  • Creating a compressed archive will take considerably longer due to the time required to compress the data

As an example, a large multi-node deployment with 5TB of data may complete a backup in less than 2 hours if the network bandwidth and storage throughput are not limiting factors.

Last modified on 12 December, 2019

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0

