Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to backup config files?

gozdeyildiz
New Member
‎02-24-2020 02:56 AM

Him

What is the most convenient way to backup Splunk configuration file for different Splunk islands? We are migrating our customers to Splunk 8 and want to make sure that configuration is backed up periodically.

Can we use Splunk API for it?

Bests,

Labels (1)
Labels
Tags (1)
0 Karma
Reply

nickhills
Ultra Champion
‎02-24-2020 05:24 AM

There are several approaches you can use, but at the most basic level:

Take a copy of $SPLUNK_HOME/etc This will include all your system and application config files and any user data or private searches, and (importantly) the splunk.secret and passwd files.

If you have a copy of ./etc you should have everything you need to restore an instance (other than indexed data)

You can't use the Splunk Rest API to perform a backup per-se, but you can use it to list it and help you figure out what needs to be exported.
See here for a great presentation, demo and example code from .conf 19 https://conf.splunk.com/watch/conf-online.html?search=FN1315#/

Finally there are a number of applications on splunkbase (or you can implement your own) to check the contents of a single app (or all apps, or all of ./etc) into git - or another code repository if you choose.
(first two apps) https://splunkbase.splunk.com/apps/#/search/git%20version%20control/

This is a nice approach as it will give you versioned files so you can track (and revert) changes over time. Useful if you have lots of users creating/modifying assets, and want to keep that flexibility whilst introducing some safeguards.

If my comment helps, please give it a thumbs up!
Reply

gerryha
Explorer
‎10-18-2022 01:12 PM

the link to FN1315 doesn't work anymore

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-18-2022 01:23 PM

GitHub link should work. See previous message.

0 Karma
Reply

efavreau
Motivator
‎02-24-2020 06:18 AM

@nickhillscpl Thank you for the recognition on FN1315!

@gozdeyildiz: @dmarling and I put in a ton of work to develop that solution and share it with the Splunk community. The Cover Your Assets presentation explains the genesis, assumptions, gotchas, and does a working demo. After watching it, grab the code on Paychex's Github: https://github.com/paychex/Splunk.Conf19/
If there's questions/comments/etc., @ mention us here on Splunk Answers.

###

If this reply helps you, an upvote would be appreciated.
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...