Script to back up Splunk

krissid
Engager

Does anyone have an example of a backup script for Splunk?


hedgehog
Explorer

Hi

This will need some tweaking, but here we go:

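#!/bin/bash
SPLUNK="/opt/splunk"
CONFIG="/opt/splunk/etc"
BUCKETS="/opt/splunk/var/lib/splunk/"
# Placeholders: fill these in. The password sits here in clear text,
# so keep this script readable by root only.
ADMU="{admin-user-name}"
ADMP="{admin-password}"
INDEX="{index you need to roll}"
SPLUNK_HOME="/opt/splunk"
SPLUNK_DB="/opt/splunk/var/lib/splunk"

# Stop if the backup volume cannot be mounted
mount /mnt/backup || exit 1
# Split the date into $1..$6 (weekday, month, day, time, zone, year);
# LC_ALL=C keeps the field order and the English "Sun"
set -- $(LC_ALL=C date)

# Roll the hot buckets of $INDEX to warm so that they end up in the backup
"$SPLUNK_HOME/bin/splunk" _internal call "/data/indexes/$INDEX/roll-hot-buckets" -auth "$ADMU:$ADMP"

if test "$1" = "Sun" ; then
# weekly: a full backup of all data and config settings;
# the old diffs are removed only if the full backup succeeded
#
tar --exclude='hot_*' -czf "/backup/data/data_full_$6-$2-$3.tgz" "$BUCKETS" && rm -f /backup/data/data_diff*
#
tar -czf "/backup/config/config_full_$6-$2-$3.tgz" "$CONFIG" && rm -f /backup/config/config_diff*
else
# incremental backup: files changed within the last day
#
LIST=$(mktemp) || exit 1   # temporary file holding the list of changed files
find "$BUCKETS" -depth -type f \( -ctime -1 -o -mtime -1 \) -print > "$LIST"
tar --exclude='hot_*' -czf "/backup/data/data_diff_$6-$2-$3.tgz" -T "$LIST"
#
find "$CONFIG" -depth -type f \( -ctime -1 -o -mtime -1 \) -print > "$LIST"
tar -czf "/backup/config/config_diff_$6-$2-$3.tgz" -T "$LIST"
rm -f "$LIST"
fi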
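
A post-backup check for the archives a script like the one above writes, as an added example that is not part of the original post: it confirms the archive can be read end to end, that no hot bucket was included, tightens the file mode, and records a SHA-256. The function name `verify_backup` and its return codes are assumptions made for the illustration.

```shell
#!/bin/bash
# Added example (not from the original post). verify_backup and its
# return codes are hypothetical names chosen for this illustration.

# verify_backup ARCHIVE
#   0 = archive readable, no hot bucket inside, mode tightened, checksum written
#   1 = archive missing, empty, unreadable or corrupt
#   2 = archive contains a hot_* bucket directory
verify_backup() {
    local archive="$1" listing dir base
    [ -f "$archive" ] || return 1

    # Listing every member makes tar/gzip read the whole file, so a
    # truncated or corrupt archive fails here instead of at restore time.
    listing=$(tar -tzf "$archive" 2>/dev/null) || return 1
    [ -n "$listing" ] || return 1

    # Hot buckets are still being written; a copy of one is not consistent.
    if printf '%s\n' "$listing" | grep -Eq '(^|/)hot_[^/]*(/|$)'; then
        return 2
    fi

    # Config archives contain $SPLUNK_HOME/etc (password hashes,
    # splunk.secret), so the archive should not be world-readable.
    chmod 600 "$archive" || return 1

    # Store the checksum beside the archive; verify later with
    # `sha256sum -c NAME.sha256` from the same directory.
    dir=$(dirname "$archive")
    base=$(basename "$archive")
    ( cd "$dir" && sha256sum "$base" > "$base.sha256" ) || return 1
    return 0
}
```

Call it on each archive right after `tar`, and delete older diffs only when it returns 0.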
