Getting Data In

How can I write a Python script that will backup my current CSV files in Splunk each week?

ksarode
Explorer

I want to get a script that will run each week to back up all of my files in a CSV format each week.

0 Karma

ltrand
Contributor

I don't know that you need a python script to do that. Simple bash will do it. But, if you want to go down that route, here is some help:

Example a basic python backup script:
https://codereview.stackexchange.com/questions/66546/backup-files-script

Example of a closer example that only copies specific files and maintains directory structure:
https://stackoverflow.com/questions/35155382/copying-specific-files-to-a-new-folder-while-maintainin...

and a cron formatter so that you can schedule it:
https://www.freeformatter.com/cron-expression-generator-quartz.html

I highly recommend asking these types of questions over at stackexchange or stackoverflow, as there are more people over there equipped to answer that type of a question. Not that the Splunk community can't, but that you'll have more success over there with this type of question.

FritzWittwer_ol
Contributor

A very lazy solution to keep a daily copy for a week and a monthly copy for a year of the whole $SPLUNK_HOME/etc needs tow simple cron jobs.

50 23 * * * umask 0007 ; tar -czf /opt/splunk/etc-`date +"\%A"`.tgz /opt/splunk/etc > /dev/null 2>&1
55 23 1 * * umask 0007 ; tar -czf /opt/splunk/etc-`date +"\%B"`.tgz /opt/splunk/etc > /dev/null 2>&1

Uses one GB of disk space and allows to recover from any mishaps in the etc directory. You can of course use a find to select just the csv files:

tar -czf /opt/splunk/etc-`date +"\%A"`.tgz `find /opt/splunk/etc -name "*.csv"`

No need for any (python) script at all

0 Karma

FritzWittwer_ol
Contributor

do you intend to run the script on the search head, will it be triggered by cron?

0 Karma

ksarode
Explorer

yes.. i want to run it on search head

0 Karma

DalJeanis
SplunkTrust
SplunkTrust

Where did you want to back them up to?

0 Karma

ksarode
Explorer

on the same location..

0 Karma

lfedak_splunk
Splunk Employee
Splunk Employee

Hey @ksarode, did you find a solution for your problem? If not do you want to describe in more detail what you are trying to accomplish to see if someone has an answer for you?

0 Karma

ksarode
Explorer

NO i have not received the solution for my question. actually i want a script to take weekly backups of the csv files in splunk.. let me know if you can help me in writing the script.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...