Create a script file splunk_backup.sh and add the content below. Create a Git repository, e.g. /opt/splunk_backup, to store the configuration and upload the files to your Git server:

#!/bin/bash

# As far as the configs go, create a git repo in $SPLUNK_BACKUP (off box, hopefully), then add this cron job however often you want the configs backed up (hourly, daily, decade-ly)

SPLUNK_HOME=/opt/splunk
SPLUNK_BACKUP=/opt/splunk_backup

# Mirror the Splunk configuration directory into the Git working tree.
rsync -vaz "$SPLUNK_HOME/etc/" "$SPLUNK_BACKUP/"
# Stop if the backup directory is missing, so git never runs in the wrong directory.
cd "$SPLUNK_BACKUP" || exit 1

# Stage all changes, commit them with a timestamp, and push to the Git server.
git add .
git commit -a -m "Configs as of $(date)"
git push origin master

# Then you can revert back to whatever version of your configs you want by looking through git log for the date you want to revert to, running git checkout $COMMIT, copying it to your indexer(s), and bouncing splunkd
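
Because the script copies all of $SPLUNK_HOME/etc/ into the repository, files such as auth/splunk.secret, passwd and .conf files that set pass4SymmKey or sslPassword end up on the Git server too. The following check is an added example, not part of the original script: the function names and the sample tree are constructed for illustration, and the pattern list is an assumption to extend for your own apps.

```bash
#!/bin/bash
# Added example: list files in a Splunk etc/ backup that commonly hold secrets,
# so they can be excluded or encrypted before "git add".

# Print relative paths of sensitive files below $1, one per line.
find_sensitive_files() {
    (
        cd "$1" || exit 2
        {
            # Secret-bearing files and private key material.
            find . -path ./.git -prune -o -type f \
                \( -path ./auth/splunk.secret -o -path ./passwd \
                   -o -name '*.pem' -o -name '*.key' \) -print
            # .conf files that set a credential.
            find . -path ./.git -prune -o -type f -name '*.conf' \
                -exec grep -lE '^[[:space:]]*(pass4SymmKey|sslPassword|password)[[:space:]]*=' {} +
        } | sed 's|^\./||' | sort -u
    )
}

# Build a small constructed etc/ tree for a dry run; prints its path.
make_sample_backup() {
    local d
    d=$(mktemp -d) || return 1
    mkdir -p "$d/auth" "$d/system/local" "$d/apps/search/local" "$d/.git"
    echo 'constructed-secret' > "$d/auth/splunk.secret"
    echo 'constructed-user-record' > "$d/passwd"
    printf '[general]\npass4SymmKey = constructed\n' > "$d/system/local/server.conf"
    printf '[mysearch]\nsearch = index=main\n' > "$d/apps/search/local/savedsearches.conf"
    echo 'password = ignored' > "$d/.git/config.conf"   # inside .git, must be skipped
    echo "$d"
}

# Return 0 when nothing sensitive was found, 1 when findings were printed.
check_backup() {
    local findings
    findings=$(find_sensitive_files "$1") || return 2
    [ -z "$findings" ] && return 0
    printf 'Exclude or encrypt before pushing:\n%s\n' "$findings" >&2
    return 1
}
```

Calling check_backup "$SPLUNK_BACKUP" after the rsync step and before git add lets the script stop, or fall back to an rsync --exclude list, when the tree contains these files.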

Finally, add the backup script to your crontab if you want to save your configuration periodically.

$ crontab -e

And append these lines to your crontab.

# Georg@2017-06-07
# Back up the Splunk config from Monday to Friday
0 6 * * 1-5 /opt/splunk_backup.sh > /dev/null 2>&1

You’re done!