All Apps and Add-ons

Can I use this app (VersionControl for Splunk) to backup splunk cloud configs? If I do not care about restoring them via app.

paliwalparitosh
Explorer

My environment has 1 HF which is pushing logs to splunkCloud.

I would like to take backup of all savedSearches.conf files in my splunk cloud whenever they are modified.

I am aware that splunkcloud limits the REST capabilities to modify config files but I am hoping if I can still use this app in HF to pull config changes from my cloud instance and push it to our git repository for tracing back any changes made to alerts in prod.

If I do not care about restoring them via app, I could do it manually via splunk cloud support.

0 Karma
1 Solution

gjanders
SplunkTrust
SplunkTrust

If you are using app Version Control For Splunk as in https://splunkbase.splunk.com/app/4355/ , or Chris Yonger's app Git Version Control for Splunk https://splunkbase.splunk.com/app/4182/ then both apps will have the same limitations with using the Splunk REST API in the Splunk cloud instance.

However, the app I created, Version Control For Splunk, is using python's json.dump() to store config, so if you are looking for a friendly human-readable backup of config I would look at Git Version Control for Splunk

Version Control For Splunk is designed for backup and restore so the stored configuration in git is not easily human readable.

View solution in original post

woodcock
Esteemed Legend

There is also a new app called Config Explorer:

https://splunkbase.splunk.com/app/4353/

chrisyounger
SplunkTrust
SplunkTrust

Unfortunately I doubt this app will be approved for Splunk cloud as it allows filesystem access. (but thanks for the mention 🙂

0 Karma

woodcock
Esteemed Legend

I missed the Splunk Cloud part. You are correct. This app will NEVER get approved.

0 Karma

gjanders
SplunkTrust
SplunkTrust

If you are using app Version Control For Splunk as in https://splunkbase.splunk.com/app/4355/ , or Chris Yonger's app Git Version Control for Splunk https://splunkbase.splunk.com/app/4182/ then both apps will have the same limitations with using the Splunk REST API in the Splunk cloud instance.

However, the app I created, Version Control For Splunk, is using python's json.dump() to store config, so if you are looking for a friendly human-readable backup of config I would look at Git Version Control for Splunk

Version Control For Splunk is designed for backup and restore so the stored configuration in git is not easily human readable.

paliwalparitosh
Explorer

Thank you gjanders.

I was able to add new input using GUI which worked as expected.
Your suggestion about taking human readable backup is also on point.

PS:
While adding new input via GUI, it does not allow to use useLocalAuth=true as it gives me an error. I was using local splunk install to test the app.

Also, I added following to python scripts to make it work: (as suggested by open issue in github)
os.unsetenv('LD_LIBRARY_PATH')

My host OS is : Ubuntu 16.04 64-bit

Thank you for your help.

0 Karma

gjanders
SplunkTrust
SplunkTrust

I'm unsure why the useLocalAuth did not work if you were using https://localhost:8089, that worked in testing although my prod are all search head clusters so they all run with remote URL's.

I've created this on the README.md file now:
"Troubleshooting

In some Linux OS distributions an error similar to OPENSSL_1.0.0 not found may appear, os.unsetenv('LD_LIBRARY_PATH') appears to fix this however AppInspect does not allow modification of OS environment variables.

If you have this issue please add this into the python files to workaround the problem as required, refer to this issue on github for more details"

0 Karma

chrisyounger
SplunkTrust
SplunkTrust

Unfortunately you can't backup your Splunk cloud config using this app.

Potentially you could do something by running a search query and writing that to a lookup file on a regular basis?

Splunk already do their own backups anyway.

paliwalparitosh
Explorer

Hi Chris, I am hoping that I could install your app - "Git Version Control for Splunk" on one of the indexers on splunkcloud to take a btool dump and push it to our git repo every n seconds. It does not involve any REST API calls I think.

Don't you think it should work if splunkcloud allows me to install git on it? Can you share your views on it?

0 Karma

paliwalparitosh
Explorer

We just moved to cloud. Seems like splunk does not allow third party applications on SplunkCloud.
So I guess can't install git on splunkcloud.

0 Karma

chrisyounger
SplunkTrust
SplunkTrust

I am sorry but the Splunk cloud team will never allow it to be installed... You are welcome to try though.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk Life | Splunk is Officially Part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint. Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...