Splunk Enterprise

What is the path to the etc folder on windows or Unix hosts. How do I copy the etc folder for backing up purposes?

SamHTexas
Builder

What is the path to the etc folder on windows or Unix hosts. How do I copy the etc folder for backing up purposes? Please show steps. Are there more to backup on the Splunk enterprise or ES for daily / weekly back ups?

Labels (1)
Tags (1)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Yes, each Splunk instance must be backed up separately. 

That's all I would do, but my failure tolerance is pretty high.  I've been to sites where they've set up automatic commits to git for every config file and dashboard.  It's cool and it did come in handy at least once, but that may be too much for most customers.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

The path is $SPLUNK_HOME/etc, where $SPLUNK_HOME normally is /opt/splunk or \Program Files\Splunk.

How to copy the directory will vary based on the tools at your disposal, company policy, etc. so exact steps can't be shown.  It could be as simple as creating a tarball, however.

tar -czf /tmp/splunk_etc_backup /opt/splunk/etc
---
If this reply helps you, Karma would be appreciated.
0 Karma

SamHTexas
Builder

Thank u sir for this. Are there any apps for such back ups? Also is the etc & the kvstore the only items to back up for basic backups? If yes, do I back up the etc & kvstore on each individual Splunk Ent. server? Thank u very much in advance.

Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

I'm not aware of apps for backing up Splunk, but there is at least one for backing up the KVStore in splunkbase.

Yes, backing up etc and kvstore is enough.

---
If this reply helps you, Karma would be appreciated.
0 Karma

SamHTexas
Builder

Thanks Rich. I appreciate your response as always. So does the etc & KVstore need to be backed up from each Splunk server? to perform a basic backup? What else would u do for back up going a step above the basic backup? Thax

Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Yes, each Splunk instance must be backed up separately. 

That's all I would do, but my failure tolerance is pretty high.  I've been to sites where they've set up automatic commits to git for every config file and dashboard.  It's cool and it did come in handy at least once, but that may be too much for most customers.

---
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...