Downloading Git Version Control for Splunk
  • SHA256 checksum (git-version-control-for-splunk_126.tgz) c9215a4f7990cb307cf1bb67b674a960710fbdf3c60770adec12706974f4e2f0
  • SHA256 checksum (git-version-control-for-splunk_125.tgz) dd2a05561122b2518a12dbd6d47571696c03f57741053c996dea1cd28d081b42
  • SHA256 checksum (git-version-control-for-splunk_114.tgz) 9de67f1e1846559fd119f8d45e4be6fcce1ed801faba63d38d43f40cd9f942f0
  • SHA256 checksum (git-version-control-for-splunk_113.tgz) 0d26d292eeb7f6b099671f268ce1e6877a40c8b5baa87aadd064a389d3c29388
  • SHA256 checksum (git-version-control-for-splunk_112.tgz) 862a1c9819fa395c9ccc209ad62ca64dda3ac49554179eec99bf45b6d0395a17
Git Version Control for Splunk

Simple version control of Splunk. Zero-effort versioning of your dashboards, .conf changes, saved searches etc.

This Splunk app will use git to track file changes on a schedule. It can then optionally push the changes to an external repository. This app is useful if you want to know which files change in your environment and when. Unfortunately this app won't tell you "who" made a change - but typically you can get a pretty good idea with the help of Splunk audit logs etc.

Before each run, this app can run a btool dump of various conf files. This is important because individual savedsearches files reorder as they are updated through the UI, which makes diffs ugly. The btool dump is always in a consistent order.

When changes are detected, an email can be sent showing the list of changed files.

Sorry, does not work on Splunk Cloud.


This Splunk app is quite basic, it could have just been a cronjob :)
In a nutshell, it just runs the following commands:

  • git add --all
  • git commit -m "a reasonable, automatically generated message"
  • git push (optionally)
  • git log (so it can send an email)

As there are many unique and specific ways of creating git repositories, this app does not do that for you. You will also need to configure the .gitignore file correctly. See the documentation below for suggestions on .gitignore files.


Copyright (C) 2019 Chris Younger
I am a Splunk Professional Services consultant working for JDS Australia (https://www.jds.net.au), in Brisbane Australia.

Typical Installation Instructions

These instructions are for *nix, but the Windows commands should be very similar.

Start a shell as the user who runs Splunk.

Make sure git is installed, and install it if it is not.

Change to the directory from where you would like to track changes:

cd /opt/splunk/etc/

Initialise an empty repository:

git init 

Configure user settings, specific to the repository:

git config user.email splunk@mycompany.com
git config user.name Splunk
git config push.default simple

If desired, connect the repository to a remote repository (adjust URL below as necessary). Of course it would be silly to push to a public repository on GitHub or something so definitely don't do that. At about this point, you might need to set up SSH keys.

git remote add origin ssh://__SOME_GIT_URL__.git

Create a .gitignore file. See 'Customisations' section below for recommendations on what should be in .gitignore.

vi /opt/splunk/etc/.gitignore

Commit the .gitignore file and push to the remote repo. On this step, make sure that the push can happen without requiring credentials. Ideally you should be using SSH keys, but a credential cache with a very long expiry should work OK too.

git add .gitignore
git commit -m "initial check-in"
git push -u origin master

Now go into Splunk and configure the modular input. The easiest way is to navigate to Apps > 'Git for Splunk' > Inputs. If you have followed the instructions above, then the default Working Dir "etc/" and Repository dir ".git/" should be used.



Most Splunk environments have a lot of lookup tables that change regularly. Use the following gitignores to first disable tracking all lookup tables, but then selectively add the files you do care about.


If you don't want sensitive information to be sent to an external repo, you probably want to ignore these sorts of files (and others).


Other things you will probably want to ignore just because they are low value or change regularly.


This helpful Splunk Answers post has a sample gitignore file: https://answers.splunk.com/answers/216267/what-do-you-put-in-your-gitignore-file-for-a-syste.html

If you aren't sure what to ignore, start by having no gitignore file and leave git_for_splunk running for a week. Then look at the supplied dashboard to see which files have been changing the most frequently. You can then add your own rules, delete the whole repo and start again.

The following commands prevent a previously tracked file from being tracked anymore:

  • cd /opt/splunk/etc/
  • Update .gitignore to specify the file pattern to ignore.
  • git add .gitignore
  • git commit -m "Update gitignore file"
  • git rm -r --cached .
  • git add -A
  • git commit -am 'Removing ignored files'
  • git push
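
The untracking steps above, together with the lookup and sensitive-file ignore rules discussed earlier, run end to end on a throwaway tree (an added example, not code from the app or its author). The file names (auth/splunk.secret, passwd, assets.csv, churn.csv) and the .gitignore patterns are constructed stand-ins, assumed to resemble a typical Splunk etc/ directory.

```shell
#!/bin/sh
# Added example on a constructed throwaway tree; file names are assumed
# stand-ins for a typical Splunk etc/ layout, not taken from the app.

demo_setup() {
    # First run without a .gitignore: `git add --all` commits everything.
    DEMO=$(mktemp -d) || return 1
    mkdir -p "$DEMO/auth" "$DEMO/apps/search/lookups" "$DEMO/apps/search/local"
    echo 'constructed-secret' > "$DEMO/auth/splunk.secret"
    echo 'admin:constructed-hash' > "$DEMO/passwd"
    echo 'host,owner' > "$DEMO/apps/search/lookups/assets.csv"
    echo 'ts,value' > "$DEMO/apps/search/lookups/churn.csv"
    echo '[demo]' > "$DEMO/apps/search/local/savedsearches.conf"
    git -C "$DEMO" init -q
    git -C "$DEMO" config user.email splunk@mycompany.com
    git -C "$DEMO" config user.name Splunk
    git -C "$DEMO" add --all
    git -C "$DEMO" commit -q -m "first run, no .gitignore"
}

demo_untrack() {
    # Ignore every lookup except one, plus credential files, then re-index
    # with the same commands as the steps above.
    cat > "$DEMO/.gitignore" <<'EOF'
apps/*/lookups/*
!apps/search/lookups/assets.csv
/auth/
/passwd
EOF
    git -C "$DEMO" add .gitignore
    git -C "$DEMO" commit -q -m "Update gitignore file"
    git -C "$DEMO" rm -r -q --cached .
    git -C "$DEMO" add -A
    git -C "$DEMO" commit -q -am 'Removing ignored files'
}

# True if the path is in the index, i.e. would be committed and pushed.
is_tracked() { git -C "$DEMO" ls-files --error-unmatch -- "$1" >/dev/null 2>&1; }

# Number of commits that touch the path; untracking does not rewrite history.
in_history() { git -C "$DEMO" log --all --oneline -- "$1" | wc -l | tr -d ' '; }

demo_setup && demo_untrack
for f in auth/splunk.secret passwd apps/search/lookups/churn.csv \
         apps/search/lookups/assets.csv apps/search/local/savedsearches.conf; do
    if is_tracked "$f"; then s=tracked; else s=untracked; fi
    echo "$f: $s, touched by $(in_history "$f") commit(s)"
done
```

The ignored files drop out of the index, but each is still touched by two commits, so content committed before the .gitignore existed remains readable in the repository's history and in any remote it was pushed to.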

Store the git repository outside of the Splunk folder

This can be a good idea to ensure that Splunk upgrades cannot delete the repository, or if you want to store it on a different drive.

Create a folder to store the local repository. It may require a lot of space depending on how many files are in the Splunk /etc/ folder. The below steps should be completed first, before anything else.

mkdir /opt/splunk_git_repo

Set up Git environment variables so Git knows where the repository is stored (*nix):

export GIT_DIR=/opt/splunk_git_repo/
export GIT_WORK_TREE=/opt/splunk/etc/

Then you can continue with git init and the other commands from above.

Change the scheduled email alert to have a link to the changes

This addon comes with a helpful email Alert action. It will email you to tell you what files have changed.

  • Navigate to Apps > Git Version Control for Splunk > Alerts > Edit Alerts
  • Configure a "To" email address
  • If you are using an external repo such as BitBucket, GitLab, Gogs etc, you can edit the "Message" field and add a shortcut link to your external repo website. Be aware that the $body$ parameter will typically be the commit hash for the updated files so this should enable you to deep link into your repo's website.
  • Enable the Alert

Dealing with nested git repositories

Option 1) The best option is to alter your workflow in the nested repositories so that they store their .git folder out of the way.

Option 2) This would be dubious, but you can use git hooks to hide the nested .git folders.

Create pre-commit file under .git/hooks/ of your root repo with contents:

mv "vendor/modulename/.git" "vendor/modulename/.git2"

Create post-commit file under .git/hooks/ also with contents:

mv "vendor/modulename/.git2" "vendor/modulename/.git"

Edit the .gitignore file to ignore .git2 folder.

echo ".git2" >> .gitignore

You might also need to consider setting .gitignore to ignore nested .gitignore files (**/.gitignore). Alternatively, you could alter the hooks to move/restore nested .gitignore files.


Release Notes

Version 1.2.6
Feb. 20, 2020

Python 3 fixes.
Better handling when there are no changed files
Error message fix

Version 1.2.5
Feb. 18, 2020

Python 3 fixes.
Better handling when there are no changed files

Version 1.1.4
Feb. 6, 2019
Version 1.1.3
Feb. 6, 2019
Version 1.1.2
Feb. 6, 2019
