Hi. We are thinking about how to do configuration management for our Splunk instance. What we need is to be sure that we can fully rebuild Splunk in case of server problems, migration, etc. I mean, can I save every configuration and saved searches/views/navigation/reports?. Our first attempt was to commit into SVN this folders: etc & share.
PS: We're not trying to do a database backup, but configurations, settings and so.
Generally creating a regular backup of the $SPLUNK_HOME/etc directory should be sufficient. All configurations, saved searches, views, ... are located there. Using Subversion for the etc directory would work as well.
Regular backup will not work in case you overide files and you want to earliar/previous file, in svn you can get all previous files so put your files in svn if you want previous version of configuration files...
-Kamal Bisht
Generally creating a regular backup of the $SPLUNK_HOME/etc directory should be sufficient. All configurations, saved searches, views, ... are located there. Using Subversion for the etc directory would work as well.
The only things in share
that would normally edited or site-specific would be SSL certificates for the Splunk web interface if you are using those.