Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What is the path to the etc folder on windows or Unix hosts. How do I copy the etc folder for backing up purposes?

SamHTexas
Builder
‎04-18-2021 11:37 AM

What is the path to the etc folder on windows or Unix hosts. How do I copy the etc folder for backing up purposes? Please show steps. Are there more to backup on the Splunk enterprise or ES for daily / weekly back ups?

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎04-22-2021 09:57 AM

Yes, each Splunk instance must be backed up separately. 

That's all I would do, but my failure tolerance is pretty high.  I've been to sites where they've set up automatic commits to git for every config file and dashboard.  It's cool and it did come in handy at least once, but that may be too much for most customers.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎04-18-2021 02:04 PM

The path is $SPLUNK_HOME/etc, where $SPLUNK_HOME normally is /opt/splunk or \Program Files\Splunk.

How to copy the directory will vary based on the tools at your disposal, company policy, etc. so exact steps can't be shown.  It could be as simple as creating a tarball, however.

tar -czf /tmp/splunk_etc_backup /opt/splunk/etc
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

SamHTexas
Builder
‎04-18-2021 02:13 PM

Thank u sir for this. Are there any apps for such back ups? Also is the etc & the kvstore the only items to back up for basic backups? If yes, do I back up the etc & kvstore on each individual Splunk Ent. server? Thank u very much in advance.

Tags (1)
0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎04-18-2021 05:47 PM

I'm not aware of apps for backing up Splunk, but there is at least one for backing up the KVStore in splunkbase.

Yes, backing up etc and kvstore is enough.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

SamHTexas
Builder
‎04-22-2021 07:17 AM

Thanks Rich. I appreciate your response as always. So does the etc & KVstore need to be backed up from each Splunk server? to perform a basic backup? What else would u do for back up going a step above the basic backup? Thax

Tags (1)
0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎04-22-2021 09:57 AM

Yes, each Splunk instance must be backed up separately. 

That's all I would do, but my failure tolerance is pretty high.  I've been to sites where they've set up automatic commits to git for every config file and dashboard.  It's cool and it did come in handy at least once, but that may be too much for most customers.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...