Building for the Splunk Platform

What is the best way to back up config files?

nawazns5038
Builder

Hi,

In order to take a backup of the config files, I have copied a file to, let's say, authorize.conf_bak_03_21_2018 .

Will Splunk read the settings from the above file? I am assuming that it will not.
But why am I getting following error message in the internal logs?

ERROR Archiver - Failed to open  file="/opt/splunk/etc/system/local/authorize.conf_bak_03_21_2018":
             Permission denied 

What is the best way to backup the config files and save them in the same folder?

0 Karma

ddrillic
Ultra Champion

I normally create a /opt/splunk/etc/system/local/bckup folder and place the backup files there. The error you see gives another reason not to place the backup files in the same directory.

0 Karma

gjanders
SplunkTrust
SplunkTrust

Does the user running Splunk have read permissions on the mentioned file? The permission denied implies a filesystem permissions issue

0 Karma

horsefez
SplunkTrust
SplunkTrust

Hi @nawazns5038,

try to go for something like this:

authorize.bak
inputs.bak
outputs.bak
props.bak
transforms.bak

If you want to include the backup date, you could also create a folder with the date as its name.

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...