Splunk Enterprise

What is the path to the etc folder on windows or Unix hosts. How do I copy the etc folder for backing up purposes?

SamHTexas
Contributor

What is the path to the etc folder on windows or Unix hosts. How do I copy the etc folder for backing up purposes? Please show steps. Are there more to backup on the Splunk enterprise or ES for daily / weekly back ups?

Labels (1)
Tags (1)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Yes, each Splunk instance must be backed up separately. 

That's all I would do, but my failure tolerance is pretty high.  I've been to sites where they've set up automatic commits to git for every config file and dashboard.  It's cool and it did come in handy at least once, but that may be too much for most customers.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

The path is $SPLUNK_HOME/etc, where $SPLUNK_HOME normally is /opt/splunk or \Program Files\Splunk.

How to copy the directory will vary based on the tools at your disposal, company policy, etc. so exact steps can't be shown.  It could be as simple as creating a tarball, however.

tar -czf /tmp/splunk_etc_backup /opt/splunk/etc
---
If this reply helps you, an upvote would be appreciated.
0 Karma

SamHTexas
Contributor

Thank u sir for this. Are there any apps for such back ups? Also is the etc & the kvstore the only items to back up for basic backups? If yes, do I back up the etc & kvstore on each individual Splunk Ent. server? Thank u very much in advance.

Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

I'm not aware of apps for backing up Splunk, but there is at least one for backing up the KVStore in splunkbase.

Yes, backing up etc and kvstore is enough.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

SamHTexas
Contributor

Thanks Rich. I appreciate your response as always. So does the etc & KVstore need to be backed up from each Splunk server? to perform a basic backup? What else would u do for back up going a step above the basic backup? Thax

Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Yes, each Splunk instance must be backed up separately. 

That's all I would do, but my failure tolerance is pretty high.  I've been to sites where they've set up automatic commits to git for every config file and dashboard.  It's cool and it did come in handy at least once, but that may be too much for most customers.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!