How do I install the "VersionControl For Splunk" app and trigger the initial backup?

paliwalparitosh
Explorer

Can you write what steps need to be taken after adding the app to the $SPLUNK_HOME/etc/apps folder?

I installed the "VersionControl For Splunk" app.
I added inputs.conf in the local directory as well as app.conf and marked it as configured.

When I restarted Splunk, the app created empty folders (for all Splunk apps) in tempGitRepo and initiated a git repo as well,
but it is not pushing any data to the remote repo. Also, since the folders are empty, they are of no use anyway.

PS: I am new to modular inputs.

0 Karma

weili6
Engager

@gjanders Hi, a quick question: what triggers the splunkversioncontrol_backup process to run after the initial whole backup? Thanks!

0 Karma

weili6
Engager

@gjanders Yes, just noticed there is a "More settings" checkbox. From there the interval can be set. Wonderful!

0 Karma

gjanders
SplunkTrust

Under the "More settings" section when you configure the input, you can set an interval.

I back up hourly, for example.

You can always update the schedule via Settings, Data Inputs.

0 Karma

weili6
Engager

@gjanders Using the app https://splunkbase.splunk.com/app/4013/, it works perfectly. Thanks.

0 Karma

gjanders
SplunkTrust

If you are using app Version Control For Splunk as in https://splunkbase.splunk.com/app/4355/ then I would suggest creating your modular input via Settings -> Data Inputs in the Splunk GUI

Validation is built into the app to ensure the fields are filled out correctly; if not, an error is thrown on screen. If that doesn't work, the logs are here on Linux:
/opt/splunk/var/log/splunk/splunkversioncontrol_restore.log
/opt/splunk/var/log/splunk/splunkversioncontrol_backup.log

Or the internal index, which also has these log files.

To help further I would need a post of the inputs.conf (with the passwords removed of course), and the most recent log entries for either backup or restore.

As a first guess, do you have your SSH key set up on your server to talk to the git repo? This is one of the prerequisites to getting the app running.

weili6
Engager

@gareth

I had the same issue. I ran splunkversioncontrol_backup.py the first time, saw the script hang forever, and checked splunkversioncontrol_backup.log; nothing was logged.

Could you elaborate on how to set up modular inputs through the Splunk UI?

Thanks.

0 Karma

weili6
Engager

Hi @gjanders, your VersionControl for Splunk works like a charm! Thank you! I installed it on a standalone Splunk instance, configured the git temp working directory and remote git repo, then filled in the modular input settings, and it backed up all SKOs. Great app for Splunk.

One thing we noticed is that the password field for the REST URL is not obfuscated. Is there any way to add this feature?

Many thanks.

0 Karma

gjanders
SplunkTrust

@weili6 I might need to update the README.md file but as per https://github.com/gjanders/SplunkVersionControl/blob/master/README/inputs.conf.spec

You can use password:passwordnameinpasswordsdotconffile

However, you need to get the password into it. There is a REST passwords app on Splunkbase that can help.

0 Karma

weili6
Engager

@gjanders , thanks for the update.

So we can add password.conf in the same location as the inputs.conf.spec file?

Inside the password, add one line like:

      myusername=mypassword,

Then configure the modular input setting for srcPassword as password:mypassword?

0 Karma

weili6
Engager

@gjanders Is the passwords.conf stored on the standalone Splunk instance or on the remote SH? Thanks.

0 Karma

gjanders
SplunkTrust

You could use an app like https://splunkbase.splunk.com/app/4013/ to add the passwords in on the standalone instance.

And on the standalone instance, let's say you added the password "mypassword", then in the srcPassword:

srcPassword = password:mypassword

In this example (and then the "mypassword" comes from the passwords.conf), it can come from any app context and no realm is required, but the SplunkVersionControl app will be checked first...

0 Karma
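Two points from this thread, the request to post inputs.conf "with the passwords removed" and the password:<name> reference form for srcPassword, can be checked with one small script. This is an added example, not code from the thread or from the app; the function name, the rule that any key ending in "password" is a secret, and the sample stanzas and values are assumptions constructed for illustration.

```python
import re

# Assumption: any key ending in "password" is a secret (the thread names only srcPassword).
SECRET_KEY = re.compile(r"password$", re.IGNORECASE)
REF_PREFIX = "password:"  # reference form described in the thread
MASK = "<REDACTED>"


def audit_inputs_conf(text):
    """Return (findings, redacted_text) for the contents of an inputs.conf.

    findings lists (line_number, stanza, key) for every active setting that
    holds a literal secret instead of a password:<name> reference.
    redacted_text masks literal secrets, including ones left in comments.
    """
    findings, out, stanza = [], [], "default"
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        commented = stripped.startswith("#")
        body = stripped.lstrip("#").strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            stanza = stripped[1:-1]
        elif "=" in body:
            key, value = (part.strip() for part in body.split("=", 1))
            if SECRET_KEY.search(key) and value and not value.startswith(REF_PREFIX):
                if not commented:
                    findings.append((lineno, stanza, key))
                line = ("# " if commented else "") + f"{key} = {MASK}"
        out.append(line)
    return findings, "\n".join(out)


# Constructed sample, not a real configuration.
SAMPLE = """\
[splunkversioncontrol_backup://plaintext_example]
srcPassword = Sup3rSecret=1
# srcPassword = old-value-in-comment

[splunkversioncontrol_backup://reference_example]
srcPassword = password:mypassword
"""

if __name__ == "__main__":
    findings, redacted = audit_inputs_conf(SAMPLE)
    for lineno, stanza, key in findings:
        print(f"line {lineno}: [{stanza}] {key} holds a literal value")
    print(redacted)
```

The redacted text keeps stanza names and password:<name> references intact, so it remains useful for troubleshooting when posted.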

gjanders
SplunkTrust

Probably best to start a new thread. I'm unsure why it would hang. I'd definitely tick the debug mode box, but let's discuss in a new thread.

0 Karma

chrisyounger
SplunkTrust

If you have closely followed the instructions here: https://splunkbase.splunk.com/app/4182/#/details then the next thing to do is to look at the log to see why it might not be working. Try running the below search and let me know what it returns so I can help you further.

sourcetype=gitforsplunk index=_internal

(You might need to change the index to be what you configured in inputs.conf.)

0 Karma

chrisyounger
SplunkTrust

Whoops, sorry. Looks like you aren't using the app I linked.

0 Karma

gjanders
SplunkTrust

FYI you should get an automated email if your app gets tagged in a post...

0 Karma