Installation

How to backup config files?

gozdeyildiz
New Member

Him

What is the most convenient way to backup Splunk configuration file for different Splunk islands? We are migrating our customers to Splunk 8 and want to make sure that configuration is backed up periodically.

Can we use Splunk API for it?

Bests,

Labels (1)
Tags (1)
0 Karma

nickhills
Ultra Champion

There are several approaches you can use, but at the most basic level:

Take a copy of $SPLUNK_HOME/etc This will include all your system and application config files and any user data or private searches, and (importantly) the splunk.secret and passwd files.

If you have a copy of ./etc you should have everything you need to restore an instance (other than indexed data)

You can't use the Splunk Rest API to perform a backup per-se, but you can use it to list it and help you figure out what needs to be exported.
See here for a great presentation, demo and example code from .conf 19 https://conf.splunk.com/watch/conf-online.html?search=FN1315#/

Finally there are a number of applications on splunkbase (or you can implement your own) to check the contents of a single app (or all apps, or all of ./etc) into git - or another code repository if you choose.
(first two apps) https://splunkbase.splunk.com/apps/#/search/git%20version%20control/

This is a nice approach as it will give you versioned files so you can track (and revert) changes over time. Useful if you have lots of users creating/modifying assets, and want to keep that flexibility whilst introducing some safeguards.

If my comment helps, please give it a thumbs up!

gerryha
Explorer

the link to FN1315 doesn't work anymore

0 Karma

isoutamo
SplunkTrust
SplunkTrust

GitHub link should work. See previous message.

0 Karma

efavreau
Motivator

@nickhillscpl Thank you for the recognition on FN1315!

@gozdeyildiz: @dmarling and I put in a ton of work to develop that solution and share it with the Splunk community. The Cover Your Assets presentation explains the genesis, assumptions, gotchas, and does a working demo. After watching it, grab the code on Paychex's Github: https://github.com/paychex/Splunk.Conf19/
If there's questions/comments/etc., @ mention us here on Splunk Answers.

###

If this reply helps you, an upvote would be appreciated.
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...