Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do I back up my Splunk knowledge objects. Is this a big undertaking? Any plans or SPLs are appreciated?

SamHTexas
Builder
‎09-26-2021 07:39 PM

I have learned this is very important in making sure you can recoverin case of a big disaster. It is a saving net for your saved searches, event types, tags, lookups, reports & all your customizations. I work in a large environment including splunk Ent. & ES. Any planning / SPLs are much appreciated. Thx a ton !

Labels (1)
Labels
Tags (1)
0 Karma
Reply

efavreau
Motivator
‎09-27-2021 06:33 AM

There's several angles to consider as an admin on backing up and restoring an enterprise environment. How to do it, how to restore it, how often to test, how often to snap, etc.

Beyond that, the investment of time and energy of even one critical dashboard, macro, or query, may justify looking into other ways to protect yourself. Several of us in the community have come up with ways to help with this too.

Check all of these things out to figure out how best to accomplish your goals. Good luck!

###

If this reply helps you, an upvote would be appreciated.
Reply

SamHTexas
Builder
‎09-27-2021 07:48 AM

I appreciate your help. I did watch conf19 posted. As far as apps. do I need both apps listed or just one? Which is your favorite? Does the app ask where to store the information being backed up?

Thanks a million.

Tags (1)
0 Karma
Reply

efavreau
Motivator
‎09-27-2021 09:05 AM

YMMV. Your cases aren't my cases, which is why I recommended not only the one I'm most familiar with, but the others that come up often. I do recommend you install and play with all of it in your dev environment, and figure out what meets your needs and wants. Then get rid of the rest. I recommend that you do not install things into your prod environment that you don't need. And to not seem evasive, I am satisfied between the services my admins (great people) provide and the solution dmarling and I presented. Our CYA solution scratches my exact itch, and has done so for years now. It also works in more than one Splunk product. Good luck on your journey!

###

If this reply helps you, an upvote would be appreciated.
Reply

dmarling
Builder
‎09-27-2021 06:40 AM

Additionally if you want a command line python script that can poll your splunk environment's api on some kind of cron to pull each object individually into git, you can do so with this script I wrote: https://github.com/paychex/splunk-python/tree/main/Splunk2Git

It is functionally similar to @gjanders app but doesn't involve installing an app if you have users who individually want to maintain their objects in whatever repository they want instead.

If this comment/answer was helpful, please up vote it. Thank you.
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-27-2021 05:25 AM

If you're backing up $SPLUNK_HOME/etc then you have all of your KOs backed up.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...