I copied this from a great post: Which server do I run this on & how do I execute this script to back up configuration file. Thank u
ou can compress $SPLUNK_HOME/etc/ and keep backup of compressed file. A simple shell script can do this and you can schedule it for every 24 hours using cron.
/backup.sh
#!/bin/bash TIME=`date +%b-%d-%y` # This Command will read the date. FILENAME=splunk-configs-backup-$TIME.tar.gz # The filename including the date. SRCDIR=/opt/splunk/etc # Source backup folder. DESDIR=/backup # Destination of backup file. tar -cpzf $DESDIR/$FILENAME $SRCDIR
Cron expression:
00 04 * * * /bin/bash /backup.sh
This will run the script every day at 04:00:00.
Run the script on every instance you want to back up. The script only works on the system it runs on.
Sir, one more question please. Are the following all you'd also believe that need backing up on each Splunk server?
1. etc folder on each box
2. configuration on each box
3. kvstore on each box (currently we only have kvstore on the ES). Thank u in advance as always.
It depends on the reason for the backup, but for routine purposes those are enough. Of course, the Splunk configuration is stored in /opt/splunk/etc so #2 is a little redundant if it's meant to include only the Splunk configuration.
Run the script on every instance you want to back up. The script only works on the system it runs on.