Disable warm standby for Splunk SOAR (On-premises)
Disable warm standby to perform the following tasks:
- Perform system maintenance
- Configure a backup or restore your system
- Upgrade Splunk SOAR (On-premises)
Note: If you want to enable warm standby again after disabling it, you must recreate it. See Create a warm standby.
To disable warm standby, you must run commands on both the primary Splunk SOAR (On-premises) system and the warm standby system.
- Log in to the Splunk SOAR (On-premises) primary system from the command line as the phantom user.
- On the Splunk SOAR (On-premises) primary system, run the following command to turn off warm standby.
phenv python /<PHANTOM_HOME>/bin/setup_warm_standby.pyc --primary-mode --off - Log in to the warm standby system from the command line as the phantom user.
- On the warm standby system, run the following command to turn off warm standby. This command also disables the cron jobs for warm standby.
phenv python /<PHANTOM_HOME>/bin/setup_warm_standby.pyc --standby-mode --off - On the warm standby system, restart PostgreSQL to apply the changes from the previous step.
<$PHANTOM_HOME>/bin/phsvc restart postgresql - Continuing on the warm standby system, run the following command to stop all Splunk SOAR (On-premises) services.
/<PHANTOM_HOME>/bin/stop_phantom.sh
Warm standby is now disabled, and cron jobs are removed to prevent rsync jobs from running.
See also:
To perform tasks while warm standby is disabled, refer to the following resources:
- Splunk SOAR (On-premises) backup and restore overview
- Splunk SOAR (On-premises) upgrade overview and prerequisites
- System maintenance and updates in Splunk SOAR (On-premises) security information