Splunk® User Behavior Analytics

Administer Splunk User Behavior Analytics

This documentation does not apply to the most recent version of Splunk® User Behavior Analytics. For documentation on the most recent version, go to the latest release.

Disable automated incremental backups

Perform the following steps to disable and stop Splunk UBA from performing automated incremental backups:

  1. Log in to the PostgreSQL node as the caspida user in your Splunk UBA deployment. This is node 2 in 20-node deployments, or node 1 for all other deployments.
  2. Run the following command to stop Splunk UBA:
    /opt/caspida/bin/Caspida stop
  3. Remove the archiving.conf file.
    On RHEL, Oracle Linux, and CentOS systems:
    cd /var/vcap/store/pgsql/10/data/conf.d
    rm -rf archiving.conf
    

    On Ubuntu systems:

    cd /etc/postgresql/10/main/conf.d
    rm -rf archiving.conf
    
  4. Log in to the management node in your Splunk UBA depoyment as the caspida.
  5. Perform the following tasks on the Splunk UBA management node:
    1. Set the backup.filesystem.enabled property to false in the /etc/caspida/local/conf/uba-site.properties file:
      backup.filesystem.enabled = false
    2. Synchronize the cluster:
      /opt/caspida/bin/Caspida sync-cluster /etc/caspida/local/conf
    3. Reset the filesystem replication setup:
      /opt/caspida/bin/replication/setup filesystem -r
    4. Restart PostgreSQL services:
      /opt/caspida/bin/Caspida stop-postgres
      /opt/caspida/bin/Caspida start-postgres
      
    5. Start Splunk UBA:
      /opt/caspida/bin/Caspida start
Last modified on 29 June, 2022
Perform periodic cleanup of the backup files   Configure warm standby in Splunk UBA

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.4, 5.0.4.1, 5.0.5, 5.0.5.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters