Can you write - what steps needs to be taken after adding the app to $SPLUNK_HOME/etc/apps folder?
I installed "VersionControl For Splunk" App.
Added inputs.conf in local directory as well as App.conf and marked it as configured.
When I restarted splunk, the app created empty folders (for all splunk apps) in tempGitRepo and initiated git repo as well
but not pushing any data to remote repo as well. Also, since folders are empty so they are of no use anyways.
PS: I am new to modular inputs.
@gjandersHi, a quick question: what triggers the splunkversioncontrol_backup process to run after the initial whole backup? Thanks!
@gjanders Yes, Just noticed there is "More settings" checkbox. From there the interval can be set. Wonderful!
Under the more settings section when you configure the input you can set an interval.
I backup hourly for example.
You can always update the schedule via settings, data inputs
@gjanders using the app https://splunkbase.splunk.com/app/4013/, it works perfect. Thanks.
If you are using app Version Control For Splunk as in https://splunkbase.splunk.com/app/4355/ then I would suggest creating your modular input via Settings -> Data Inputs in the Splunk GUI
Validation is built in to the app to ensure the fields are filled out correctly, if not an error is thrown on screen, if that doesn't work the logs are here on Linux:
/opt/splunk/var/log/splunk/splunkversioncontrol_restore.log
/opt/splunk/var/log/splunk/splunkversioncontrol_backup.log
Or the internal index which also has these log files
To help further I would need a post of the inputs.conf (with the passwords removed of course), and the most recent log entries for either backup or restore.
As a first guess, do you have your SSH key setup on your server to talk to the git repo? This is one of the per-requisites to getting the app running
I had the same issue. I ran the splunkversioncontrol_backup.py the first time, I see the script hung forever and checked the spunkversioncontrol_backup.log, nothing logged.
Could you elaborate how to set up modular inputs through Splunk UI?
Thanks.
Hi @gjanders, your VersionControl for Splunk works like a charm! Thank you! I installed on standalone Splunk instance, configured git temp working directory and remote git repo, then filling in the modular input settings, it backed up all SKOs. Great app for Splunk.
One thing we noticed that password field for REST URL is not obfuscated. Is there anyway to add this feature?
Many Thanks.
@weili6 I might need to update the README.md file but as per https://github.com/gjanders/SplunkVersionControl/blob/master/README/inputs.conf.spec
You can use password:passwordnameinpasswordsdotconffile
However you need to get the password into it. There is a rest passwords app on SplunkBase that can help
@gjanders , thanks for the update.
So we can add password.conf in the same location as inputs.conf.spec file?
Inside the passowrd, add one line like:
myusername=mypassword,
Then configure modular input setting for srcPassword as password:mypassword?
@gjanders Is the passwords.conf stored in standalone Splunk instance or on remote SH? Thanks,
You could use an app like https://splunkbase.splunk.com/app/4013/ to add the passwords in on the standalone instance.
And on the standalone instance, let's say you added the password "mypassword", then in the srcPassword:
srcPassword = password:mypassword
In this example (and then the "mypassword" comes from the passwords.conf), it can come from any app context and no realm required, but the SplunkVersionControl app will be checked first...
Probably best to start a new thread. I'm unsure why it would hang, I'd definitely tick the debug mode box but let's discuss in a new thread
If you have closely followed the instructions here: https://splunkbase.splunk.com/app/4182/#/details then the next thing to do is to look at the log to see why it might not be working. Try running the below search and let me know what it returns so I can help you further.
sourcetype=gitforsplunk index=_internal
( you might need to change the index
to be what you configured in inputs.conf )
Whoops sorry.. Looks like you aren't using the app I linked.
FYI you should get an automated email if your app gets tagged in a post...