https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-How-to-backup-and-version-control/m-p/643592#M11519 <P>You might like <A href="https://splunkbase.splunk.com/app/6895" target="_blank">https://splunkbase.splunk.com/app/6895</A> to track changes to your knowledge objects. It's no effort, doesn't require git or anything else, and works equally well on-prem and in cloud.</P><P>And it sounds like you should probably have a look at&nbsp;my ES Choreographer app: <A href="https://splunkbase.splunk.com/app/6309" target="_blank">https://splunkbase.splunk.com/app/6309</A> as presented at .conf21 <A href="https://conf.splunk.com/files/2021/recordings/SEC1441A.mp4" target="_blank">https://conf.splunk.com/files/2021/recordings/SEC1441A.mp4</A></P> Wed, 17 May 2023 09:54:52 GMT gabriel_vasseur 2023-05-17T09:54:52Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-How-to-backup-and-version-control/m-p/492433#M8405 <P>Hey everyone,</P> <P>I've looked around for a little and but was trying to find out if there was a way to backup and do version control with comments on saved correlation searches.</P> <P>We have multiple users that have access to our content in ES and wanted to do a well-documented version control/ backup of searches used in correlation search. We are currently doing this via private git instance but wanted to explore possibilities through Splunk.</P> <P>I've found some guidance using index=_internal from below but didn't get too far working with different source types within the index.</P> <P><A href="https://answers.splunk.com/answers/525792/is-there-an-audit-log-that-tracks-changes-to-conte.html" target="_blank" rel="noopener">https://answers.splunk.com/answers/525792/is-there-an-audit-log-that-tracks-changes-to-conte.html</A></P> <P>Thanks!</P> Wed, 17 May 2023 11:43:55 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-How-to-backup-and-version-control/m-p/492433#M8405 claxpum0n 2023-05-17T11:43:55Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-How-to-backup-and-version-control/m-p/492434#M8406 <P>Have you looked at the apps for this?</P> <P><A href="https://github.com/paychex/Splunk.Conf19/">FN1315 - Cover Your Assets: Protect Your Knowledge Objects from Yourself (and Others) - A Paychex story</A><BR /> <A href="https://splunkbase.splunk.com/app/4182/">Git Version Control for Splunk</A><BR /> <A href="https://splunkbase.splunk.com/app/4355/">VersionControl For Splunk</A></P> <P>There are pro's and con's to each solution, the last one is my version. It allows a user to restore via a dashboard but is likely the most complex of the mentioned solutions <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Fri, 22 Nov 2019 03:07:21 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-How-to-backup-and-version-control/m-p/492434#M8406 gjanders 2019-11-22T03:07:21Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-How-to-backup-and-version-control/m-p/527873#M9436 <P>Splunk version 8.1 allows you to comment SPL searches. Maybe you could use that as a way to track changes.</P><P><A href="https://www.youtube.com/watch?v=sN03YNKZeBM" target="_blank">https://www.youtube.com/watch?v=sN03YNKZeBM</A></P><P><A href="https://docs.splunk.com/Documentation/Splunk/8.1.0/Search/Addcommentstosearches" target="_blank">https://docs.splunk.com/Documentation/Splunk/8.1.0/Search/Addcommentstosearches</A></P> Wed, 04 Nov 2020 10:36:00 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-How-to-backup-and-version-control/m-p/527873#M9436 securitypaul 2020-11-04T10:36:00Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-How-to-backup-and-version-control/m-p/643592#M11519 <P>You might like <A href="https://splunkbase.splunk.com/app/6895" target="_blank">https://splunkbase.splunk.com/app/6895</A> to track changes to your knowledge objects. It's no effort, doesn't require git or anything else, and works equally well on-prem and in cloud.</P><P>And it sounds like you should probably have a look at&nbsp;my ES Choreographer app: <A href="https://splunkbase.splunk.com/app/6309" target="_blank">https://splunkbase.splunk.com/app/6309</A> as presented at .conf21 <A href="https://conf.splunk.com/files/2021/recordings/SEC1441A.mp4" target="_blank">https://conf.splunk.com/files/2021/recordings/SEC1441A.mp4</A></P> Wed, 17 May 2023 09:54:52 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Enterprise-Security-How-to-backup-and-version-control/m-p/643592#M11519 gabriel_vasseur 2023-05-17T09:54:52Z