Splunk® User Behavior Analytics

Administer Splunk User Behavior Analytics

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Disable automated incremental backups

Perform the following steps to disable and stop Splunk UBA from performing automated incremental backups:

  1. Log in to the PostgreSQL node as the caspida user in your Splunk UBA deployment. This is node 2 in 20-node deployments, or node 1 for all other deployments.
  2. Run the following command to stop Splunk UBA:
    /opt/caspida/bin/Caspida stop
  3. Remove the archiving.conf file.
    On RHEL, Oracle Linux, and CentOS systems:
    cd /var/vcap/store/pgsql/10/data/conf.d
    rm -rf archiving.conf
    

    On Ubuntu systems:

    cd /etc/postgresql/10/main/conf.d
    rm -rf archiving.conf
    
  4. Log in to the management node in your Splunk UBA depoyment as the caspida.
  5. Perform the following tasks on the Splunk UBA management node:
    1. Set the backup.filesystem.enabled property to false in the /etc/caspida/local/conf/uba-site.properties file:
      backup.filesystem.enabled = false
    2. Synchronize the cluster:
      /opt/caspida/bin/Caspida sync-cluster /etc/caspida/local/conf
    3. Reset the filesystem replication setup:
      /opt/caspida/bin/replication/setup filesystem -r
    4. Restart PostgreSQL services:
      /opt/caspida/bin/Caspida stop-postgres
      /opt/caspida/bin/Caspida start-postgres
      
    5. Start Splunk UBA:
      /opt/caspida/bin/Caspida start
Last modified on 01 September, 2021
PREVIOUS
Perform periodic cleanup of the backup files
  NEXT
Configure warm standby in Splunk UBA

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.4, 5.0.4.1, 5.0.5, 5.0.5.1


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters