I am wondering if there is a version control system used by any of the splunk users for maintaining their artifacts like Splunk Dashboards, Reports and Alerts?
I understand most people used for the splunk configurations files. But the requirement we have is to maintain a version of the Dashboards and Reports or Alerts configurations. The expectation is use this as a roll back strategy, when some one changes a dashboard or alert or deletes them by mistake.
Can you some one provide some ideas on how this scenario is handled and how the dashboards and other search artifacts are backed up in their splunk environments
Thanks in Advance
On conf19 there was this presentation. Cover your assets. Another way to make backups.
(and Others) - A Paychex story
Industries: Not industry specific
Products: Splunk Enterprise, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit
Dustin Marling, Splunk App Developer, Paychex
Eric Favreau, Service Health Operations Analyst, Paychex
"Did we just lose ALL our knowledge objects? Do you know how much time and energy that was?" After a destructive resync, Paychex lost two months of its knowledge object creations/modifications. We learned to be prepared if it were to ever happen again. How? It's easier than you might think, and you don't have to be an admin. You’ll learn how to proactively save your work (dashboards, reports, data models, MLTK experiments, ITSI glass tables, macros, views, etc.) and audit changes when they occur. You will leave the session knowing how to manage the ever-increasing amount of things you create. You'll also have solutions that can save you time and effort from having to recreate lost/modified objects, including how to restore service faster. You also will come away with peace of mind knowing that you can take control of safeguarding and protecting your work, thereby covering your assets when a disaster happens.
I built an app for this called VersionControl For Splunk as per chrisyongerjds's link, the primary difference with the app I've built and the other two linked is that my app is built for backup and restore.
Note that as a result of using json.dump from python, what my app stores in git is not very friendly for a human to read, as it's literally the JSON-encoded strings of configuration.
Hi @dhineshsv ,
Hopefully one day Splunk will build native version control into the product. In the meantime, I have had good success by committing my entire
/etc/ folder into git on a regular and automated schedule. There are a few apps on Splunkbase that can do this automatic process for you:
With these, you can see the contents of a dashboard or conf file at a specific point in time.
I have deployed 'Git version control for Splunk' in a few large production environments now and it has been a huge help for knowing what has changed in an environment and for restoring accidentally deleted dashboards.
Hope this helps!
While both version control apps look great, they are not compatible for Splunk cloud - which is where they would all need to be, on the ES search head. Have you found any alternatives to those needing it on the cloud?
VersionControl for Splunk could likely be modified to be cloud compatible, however I would need someone to test it as I do not have a cloud instance...