Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Script for finding frozen data by date range and restore them

Mehran_Safari
Explorer
‎09-12-2022 04:24 AM

This is a script for finding frozen bucket files in time range you gave

It shows folders + size + start time and endtime of logs contains on  each folder log + asks to unfrozen log 

 

 

#!/bin/bash
clear
echo  "############################"
echo  "##created.by mehran.safari##"
echo  "##        2022            ##"
echo  "############################"
##############
echo -n " Enter index name to lookup:"
read INAME
####
FROZENPATH="/frozendata"
echo " Default Splunk Frozen Indexes Path is "$FROZENPATH". is it ok? (y to continue or n to give new path):"
read  ANSWER3;
case "$ANSWER3" in
"y")
echo -e "OK Deafult Frozen Index Path Selected.";;
"n")
echo -e "Enter NEW Frozen Index Path:";
read FROZENPATH;;
esac
####
find "$FROZENPATH/$INAME" -type d -iname "db_*" -print > "./frozendb.txt"
echo -n " Enter starting date you need("MM/DD/YYYY HH:MM:SS"):"
read SDATE
echo -n " Enter end date you need("MM/DD/YYYY HH:MM:SS"):"
read EDATE
##############
BSDATE=$(date -d  "$SDATE" +%s)
BEDATE=$(date -d  "$EDATE" +%s)
#############
FILE='./frozendb.txt'
 while read line; do
          LOGSTART=`echo $line | cut -d "_" -f3`;
          LOGEND=`echo $line | cut -d "_" -f2`;
if [[ $BSDATE -le $LOGEND && $BEDATE -gt  $LOGSTART ]]; then
echo -e "******************************"
echo -e "Frozen Log Path You want: $line"
HLOGSTART=`date -d @"$LOGSTART"`
HLOGEND=`date -d @"$LOGEND"`
LOGSIZE=`du -hs "$line" | cut -d "/" -f1`
echo -e "*** this Bucket contains logs from: $HLOGSTART"
echo -e "*** this Bucket contains logs to: $HLOGEND "
echo -e "**** The Size Of This Log Is: $LOGSIZE"
echo -e "$line" >> "./frozenmatched.txt"
echo -e "******************************"
#else
#echo "not in data range you want: $line"
fi
done<$FILE
############
sudo rm -rf "./frozendb.txt"
echo "Do you Want to Unfrozen this Logs?(y to copy): "
read  ANSWER
FILE2='./frozenmatched.txt'
INDEXPATH="/opt/splunk/var/lib/splunk"
DST="$INDEXPATH/$INAME/thaweddb/"
if [[ "$ANSWER" == "y" ]]; then
echo " Default Destination is "$DST". is it ok? (y to continue or n to give new path):"
read  ANSWER2;
case "$ANSWER2" in
"y")
echo -e "OK Deafult Destination Selected.";;
"n")
echo -e "Enter NEW Destination Path:";
read DST;;
esac
while read line2; do
        sudo cp -R "$line2" "$DST"
        echo -e "Executing copy of $line2 to $DST DONE."
	echo -e "$DST$(basename $line2)"
	sudo /opt/splunk/bin/splunk rebuild "$DST$(basename $line2)" $INAME --ignore-read-error
done<$FILE2

fi
sudo rm -rf "./frozenmatched.txt"
##########
echo " Do you want to restart splunk service? (y to continue or n to exit):"
read  ANSWER4;
if [[ "$ANSWER4" == "y" ]]; then
sudo /opt/splunk/bin/splunk restart
fi
##########
echo     "################################"
echo  -e "## GOOD LUCk WITH BEST REGARDS##"
echo     "################################"
#########

 

this is the  github project if you need  https://github.com/mehransafari/Splunk_FrozenData_FIND_by_DATE_and_Restore

it may help you

Labels (1)
Labels
Tags (1)
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...