Disable automated incremental backups
Perform the following steps to disable and stop Splunk UBA from performing automated incremental backups:
- Log in to the PostgreSQL node as the caspida user in your Splunk UBA deployment. This is node 2 in 20-node deployments, or node 1 for all other deployments.
- Run the following command to stop Splunk UBA:
/opt/caspida/bin/Caspida stop
- Remove the archiving.conf file.
On RHEL or Oracle Linux systems:cd /var/vcap/store/pgsql/10/data/conf.d rm -rf archiving.conf
On Ubuntu systems:
cd /etc/postgresql/10/main/conf.d rm -rf archiving.conf
- Log in to the management node in your Splunk UBA depoyment as the caspida.
- Perform the following tasks on the Splunk UBA management node:
- Set the backup.filesystem.enabled property to false in the
/etc/caspida/local/conf/uba-site.properties
file:backup.filesystem.enabled = false
- Synchronize the cluster:
/opt/caspida/bin/Caspida sync-cluster /etc/caspida/local/conf
- Reset the filesystem replication setup:
/opt/caspida/bin/replication/setup filesystem -r
- Restart PostgreSQL services:
/opt/caspida/bin/Caspida stop-postgres /opt/caspida/bin/Caspida start-postgres
- Start Splunk UBA:
/opt/caspida/bin/Caspida start
- Set the backup.filesystem.enabled property to false in the
Perform periodic cleanup of the backup files | Configure warm standby in Splunk UBA |
This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.1.0, 5.1.0.1, 5.2.0, 5.2.1, 5.3.0, 5.4.0, 5.4.1
Feedback submitted, thanks!