VersionControl For Splunk

Splunk AppInspect Passed
What does this app do?
This app allows you to back up and use git version control to manage your Splunk knowledge objects, such as saved searches, dashboards and macros.

Why?
Splunk (as of the time of writing in January 2019) has no native ability to use version control on its knowledge objects. This can lead to issues where an object is accidentally changed or deleted and there is no way to restore them beyond using OS-level backups, which are difficult to use in a search head cluster.

How?
Through the REST API. Note that this allows the application to remotely back up and restore search head clusters or standalone search heads.

Splunk Version Control

What does this app do?

This app allows you to back up and use version control to manage your Splunk knowledge objects, such as saved searches and macros.

How does the app function?

The app uses two modular inputs to back up and restore configurations: Splunk Version Control Backup (or splunkversioncontrol_backup) and Splunk Version Control Restore (or splunkversioncontrol_restore).

The backup portion of the app provides a Splunk modular input with the ability to serialize various Splunk knowledge objects into JSON format, which is then stored in a remote git repository and tagged based on each change to the backup.

These two inputs do not have to be on the same machine; however, they must point to the same git repository, and the gitTempDir must be unique on the filesystem if they share the same machine.

The restore portion provides a Splunk modular input and a dashboard (SplunkVersionControl Restore) that can be used to request the restoration of a knowledge object.

How do I restore a knowledge object?

Use the SplunkVersionControl Restore dashboard to request that a knowledge object be restored to a prior version. You must be the author of the knowledge objects you wish to restore, or have the admin role. The application with the knowledge object in it must still exist on the Splunk server.

There are two unique dashboards with two different restoration methods, the original version is described below:
When a knowledge object restore is requested, the dashboard (SplunkVersionControl Restore) outputs the knowledge object information to a lookup with the definition splunkversioncontrol_restorelist. The modular input then triggers the restore based on the contents of this lookup: it either creates or updates the knowledge object from the requested git tag, or logs the failure to find the object.

Note that the above option is the one used with Splunk Cloud; the option below can be used on on-prem instances.

The newer dynamic version follows a similar process, but instead of adding the knowledge object restore information to a lookup file it runs a Splunk custom command postversioncontrolrestore that hits a REST endpoint on either a local or a remote server.
The REST endpoint then performs a few functions:
- Queries the source system and passes in the authentication token of the current user, this includes restore information and the splunkversioncontrol_restore input stanza name
- The remote system then sends a query back to the source ip it received the request from, using the token to check the username logged in
- The remote system then looks up the login information for the relevant splunkversioncontrol_restore input stanza and runs a remote query against it
- The said remote query runs a saved search named Splunk Version Control Audit Query POST
- To prevent issues, there is a sleep period just before running the above query (configurable via the splunk_vc_timeout macro)
- If the report confirms the relevant user did indeed request a restore of some kind, the restore continues
- From this point the restore follows the previous process and triggers the restore
- If multiple users attempt to run the restore at the same time, one of them will receive an error to advise a restore is in progress and to try again later

Security Concerns

The ability to restore/create configuration opens up a few obvious issues:
- What if the lookup file storing the list of objects to restore and the user who is performing the restoration is manually edited to add additional rows?
- What if a user attempts to restore the objects of another user?
- What if a user attempts to restore an object but re-own it to a different user?

To address these issues, a report named "SplunkVersionControl Audit Query" runs a query against the audit logs to determine if the lookup was updated by the saved search "SplunkVersionControl AddToLookup". This audit query returns a username and a time (it looks back/forwards one second from when the lookup was created).

The restoration script then validates that the username entered in the lookup file and the time match those found in the audit log. If they do not match then the restoration is rejected.

If you are using the dynamic version of the restore dashboard (custom command postversioncontrolrestore), an alternative report named "Splunk Version Control Audit Query POST" runs to check the audit logs. This report determines if the restoration request was made by the user in question. The report returns 0 or more results, and if it returns results for the particular user, the restore proceeds.

Because of the above, multiple users may trigger a restore while a restore is in progress. A kvstore is used to prevent this from occurring, and an additional restore attempt while the restore process is in progress results in an error message to try again.

If a user attempts to restore the objects of another user, or attempts to restore the objects as a different user, this is allowed if the user has the admin role (which is determined by the saved search "SplunkVersionControl CheckAdmin").
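
The checks described in this section, modelled as an added example (not the app's own code). The field names, the sample users and the epoch values are assumptions constructed for illustration; the real app reads these values from the restore lookup, the audit report and the CheckAdmin saved search.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# The audit report looks back/forwards one second from the lookup time.
AUDIT_WINDOW_SECONDS = 1


@dataclass(frozen=True)
class RestoreRequest:
    """One row of the restore lookup (field names are illustrative)."""
    requested_by: str                 # user recorded in the lookup row
    requested_at: int                 # epoch seconds recorded in the lookup row
    object_name: str                  # knowledge object to restore
    object_owner: str                 # owner of the object in the backup
    restore_as: Optional[str] = None  # optional owner override


@dataclass(frozen=True)
class AuditEvent:
    """One audit result: who updated the lookup via the saved search, and when."""
    user: str
    time: int


def audit_confirms(req: RestoreRequest, events: Iterable[AuditEvent]) -> bool:
    """True if the audit log holds a lookup update by this user at this time."""
    return any(
        e.user == req.requested_by
        and abs(e.time - req.requested_at) <= AUDIT_WINDOW_SECONDS
        for e in events
    )


def validate(req: RestoreRequest, events: Iterable[AuditEvent],
             admins: Set[str]) -> Tuple[bool, str]:
    """Apply the three checks in order and return (accepted, reason)."""
    # 1. A row that the audit log cannot account for is rejected outright.
    if not audit_confirms(req, events):
        return False, "no matching audit event for user/time"
    is_admin = req.requested_by in admins
    # 2. Restoring someone else's object is admin-only.
    if req.object_owner != req.requested_by and not is_admin:
        return False, "object belongs to another user"
    # 3. Re-owning the object on restore is admin-only.
    target_owner = req.restore_as or req.object_owner
    if target_owner != req.object_owner and not is_admin:
        return False, "owner override requires admin"
    return True, "ok"


def review(rows: Iterable[RestoreRequest], events: List[AuditEvent],
           admins: Set[str]) -> List[Tuple[str, bool, str]]:
    """Validate every lookup row; returns (object_name, accepted, reason)."""
    return [(r.object_name, *validate(r, events, admins)) for r in rows]


# Constructed sample data (not taken from a real system).
SAMPLE_EVENTS = [AuditEvent("alice", 1547084160), AuditEvent("ops_admin", 1547084220)]
SAMPLE_ADMINS = {"ops_admin"}
SAMPLE_ROWS = [
    # Genuine request, one second after the audit event: accepted.
    RestoreRequest("alice", 1547084161, "alice_report", "alice"),
    # Row with no audit event for its user: rejected.
    RestoreRequest("bob", 1547084160, "bob_report", "bob"),
    # Non-admin restoring another user's object: rejected.
    RestoreRequest("alice", 1547084160, "bob_dashboard", "bob"),
    # Non-admin re-owning their own object to someone else: rejected.
    RestoreRequest("alice", 1547084160, "alice_macro", "alice", restore_as="bob"),
    # Admin restoring another user's object under a new owner: accepted.
    RestoreRequest("ops_admin", 1547084220, "bob_dashboard", "bob", restore_as="carol"),
]

if __name__ == "__main__":
    for name, accepted, reason in review(SAMPLE_ROWS, SAMPLE_EVENTS, SAMPLE_ADMINS):
        print(f"{name:15} {'ACCEPT' if accepted else 'REJECT'}  {reason}")
```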

Why use a lookup file and not trigger a remote command execution?

A custom command named postversioncontrolrestore and the accompanying dashboard splunkversioncontrolrestore_dynamic were created for this purpose in version 1.0.7

However, this version will not work in Splunk Cloud as it would require connectivity to an on-prem instance that can perform the backup/restore modular input functions.

What is required for this application to work with a remote git repository?

The following assumptions are made:
- git is accessible on the command line, this has been tested on Linux & Windows with git for Windows installed
- git is using an SSH-based URL and the remote git repository allows the machine running the SplunkVersionControl application to remotely access the repository without a username/password prompt (i.e. SSH keys are in use)
- git will work from the user running the Splunk process over SSH, note that on Windows this will be the system account by default, on Linux the splunk user

Do the modular input backup and restore tasks need to be on the same Splunk instance?

No. However, the backup/restore modular input must have access to its own git temporary directory on the OS filesystem, the temporary directory should be unique for both backup and restore operations

When will a full application backup occur?

During the first run of the script (at which point the lookup file is empty) all applications and all objects will be backed up.

During each subsequent run of the script, if an application is found in the Splunk system but not on the filesystem then the backup of all objects within that application will occur

Otherwise an incremental backup of knowledge objects occurs (see below)

What gets backed up on each modular input run (incremental runs)?

There are two searches used to determine "what" has changed since the last run of the modular input:
- SplunkVersionControl ChangeDetector Non-Directory
- SplunkVersionControl ChangeDetector Directory

These two searches are passed in an epoch value, they then return a list of applications and the type of config that has changed.

For example if application search has had macros changed, then all macros in the search app will be backed up, however the savedsearches/dashboards/et cetera will not be backed up unless at least one of them in that app has changed.

How does the version control work?

Each backup run that results in more than 0 file changes will auto-commit all changes into git and tag with the current date/time including the minute of the hour. This will create tags such as 2019-01-10_0136, these tags can later be used to "restore from" in the "SplunkVersionControl Restore" dashboard.

The tags are recorded by outputting the tag list into the lookup definition splunkversioncontrol_taglist within the app, this same lookup definition is read by the dashboard to list available tags to restore from.

How will the restore work?

The restoration is based on a git tag, the relevant tag is checked out on the filesystem after running a git checkout master; git pull command.

Once checked out, the app/user/global directories are checked (depending on which scope was requested) to see if there is a relevant config item to restore, if found the remote object is either updated with the contents of git or created if it does not exist. By default the knowledge object is created with the same username that was in the backup, however there is an option on the SplunkVersionControl Restore dashboard to override the user on restoration, this is only able to be done by a user with an admin role.
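
The tag-and-restore cycle from the two sections above, as an added example (not the app's own code). It runs against a throwaway local bare repository instead of an SSH remote; the file layout, the committer identity and the helper names are assumptions made for the demonstration.

```python
import json
import subprocess
import tempfile
from datetime import datetime
from pathlib import Path

# Assumed committer identity, passed per command so no global git config is needed.
GIT_ID = ["-c", "user.name=svc-backup", "-c", "user.email=svc-backup@example.invalid"]


def git(cwd, *args):
    """Run git in cwd and return its stdout; raises on a non-zero exit code."""
    res = subprocess.run(["git", *GIT_ID, *args], cwd=str(cwd), check=True,
                         capture_output=True, text=True)
    return res.stdout.strip()


def backup(work, objects, now):
    """Serialize objects to JSON; commit, tag and push only if files changed."""
    for rel_path, obj in objects.items():
        target = Path(work) / rel_path
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(json.dumps(obj, indent=2, sort_keys=True))
    git(work, "add", "-A")
    if not git(work, "status", "--porcelain"):
        return None  # 0 file changes: no commit and no tag
    tag = now.strftime("%Y-%m-%d_%H%M")  # e.g. 2019-01-10_0136
    git(work, "commit", "-m", "backup " + tag)
    git(work, "tag", tag)
    git(work, "push", "-u", "origin", "master", "--tags")
    return tag


def read_at_tag(work, tag, rel_path):
    """Check out master, pull, then check out the tag and read one object."""
    git(work, "checkout", "master")
    git(work, "pull")
    git(work, "checkout", tag)
    return json.loads((Path(work) / rel_path).read_text())


def demo():
    """Two changing backups and one unchanged run, then a read of the first tag."""
    with tempfile.TemporaryDirectory() as tmp:
        remote, work = Path(tmp) / "remote.git", Path(tmp) / "work"
        work.mkdir()
        git(tmp, "init", "--bare", str(remote))
        git(work, "init")
        git(work, "symbolic-ref", "HEAD", "refs/heads/master")
        git(work, "remote", "add", "origin", str(remote))
        path = "search/app/macros/my_macro.json"  # illustrative layout
        first = backup(work, {path: {"definition": "index=main"}},
                       datetime(2019, 1, 10, 1, 36))
        unchanged = backup(work, {path: {"definition": "index=main"}},
                           datetime(2019, 1, 10, 1, 46))
        second = backup(work, {path: {"definition": "index=*"}},
                        datetime(2019, 1, 10, 1, 56))
        restored = read_at_tag(work, first, path)
        tags = git(work, "tag", "--list").splitlines()
        return first, unchanged, second, restored, tags


if __name__ == "__main__":
    print(demo())
```

The unchanged run produces no tag, which is why the tag list only contains points in time where the configuration actually differed.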

What other lookup files are used by the app?

  • splunkversioncontrol_globalexclusionlist, this lookup definition records a list of excluded applications
  • splunkversioncontrol_restorelist, this lookup definition records what must be restored by the restore modular input (this is used by the non-dynamic dashboard)
  • splunkversioncontrol_taglist, this lookup definition records the tags available in git

Where are the logs?

On a Linux-based system
- /opt/splunk/var/log/splunk/splunkversioncontrol_restore.log -- this log will contain information about the splunk restore modular input
- /opt/splunk/var/log/splunk/splunkversioncontrol_backup.log -- this log will contain information about the splunk backup modular input
- /opt/splunk/var/log/splunk/splunkversioncontrol_postversioncontrolrestore.log -- this log contains information about the | postversioncontrol command
- /opt/splunk/var/log/splunk/splunkversioncontrol_rest_restore.log -- this log contains information about hits to the REST endpoint /services/splunkversioncontrol_rest_restore

Or the internal index which also has these log files with the sourcetype splunkversioncontrol

Installation guide

Standalone instance

  • Install this application on the Splunk standalone instance, if you are going to access a remote instance please ensure you can access the remote instance on port 8089
  • Create a new git repo and initialise the repo (it can have a README or it can be empty, but it must be at a point where the master branch exists)
  • The server doing the git backup must have SSH access to the repo without a username/password (in other words you need to have the SSH key set up so that git clone/git checkout/git push all work without a prompt for credentials as the OS user running Splunk, as the modular input will run as this user)
  • If running on a standalone server the modular inputs can be configured either on the current standalone server, or another remote server, the app will work either way
  • If errors are seen when creating the modular inputs see the troubleshooting below, or raise a question on SplunkAnswers for assistance
  • If you are running the newer splunkversioncontrol_restore_dynamic dashboard the macros splunk_vc_name, splunk_vc_url, splunk_vc_timeout may need customisation to match your environment. In particular the splunk_vc_name assumes you have called your SplunkVersionControlRestore modular input "Prod". See the macros section of this document for more information
  • Ensure the directory where the git repository will be cloned to is empty (i.e. the git clone can create it)
  • Ensure the git repository has at least 1 commit (i.e. it is initialized and a git checkout master will work if you clone the git repo)
  • When you create the Splunk Version Control Backup (via Settings -> Data Inputs -> Splunk Version Control Backup), click "More settings" and set the backup interval you would like (tags will only be created if config has changed within Splunk)
  • When you create the Splunk Version Control Restore (via Settings -> Data Inputs -> Splunk Version Control Restore), if you are using the newer splunkversioncontrol_restore_dynamic dashboard then you do not need to set a run interval, if you are using the older method you want to run this on an interval to check if the lookup file has been updated and if a restore is required...

Search head cluster (on prem)

  • Install the SplunkVersionControl application on the SHC via the deployer as normal but do not configure the modular inputs on the search head cluster
  • Run the modular inputs on a standalone instance using the above instructions, and set the srcURL and destURL to a search head cluster member (or a load balanced REST port of the SHC)

Splunk Cloud

  • Install this application as per the standalone instance documentation above onto a non-SplunkCloud instance, install the VersionControl For SplunkCloud on the SplunkCloud instance
  • Note that in SplunkCloud the only option is the splunkversioncontrol_restore dashboard, the dynamic dashboard cannot be used in SplunkCloud
  • Configure the remoteAppName within the Splunk Version Control Backup & Splunk Version Control Restore modular inputs to "SplunkVersionControlCloud"

How do I initialize a git repository?

github and other websites may offer to initialize the repository for you; if they do not, the steps are usually similar to:
- git clone git@<website>:testing.git
- cd testing
- touch README.md
- git add README.md
- git commit -m "add README"
- git push -u origin master

There are also many online resources to help with learning git

What do the parameters do?

Please refer to github or the README.md for the details

Additional notes

To get passwords into or out of the passwords.conf you may wish to use https://splunkbase.splunk.com/app/4013/

The context of the application name (default of SplunkVersionControl) will be checked first for the password, if that fails a query to all contexts /-/-/ will occur, realms will be ignored, only the name of the password is used for searching so any realm (or lack of realm) will work for storing the password

Macros

The following macros exist and relate to the splunkversioncontrol_restore_dynamic dashboard
- splunk_vc_name - this macro is the name of the splunkversioncontrol_restore modular input name on the remote (or local) system where the restore occurs
- splunk_vc_url - this macro is the URL endpoint of the remote system, defaults to https://localhost:8089/services/splunkversioncontrol_rest_restore, you will need to change this if you have a remote instance performing the backup/restore operations, for example if you are on a search head cluster
- splunk_vc_timeout - this is the time delay between triggering the remote command and waiting for the _audit index to catchup with a log entry to advise the command was run, if set too short the restore may fail because the | postversioncontrolrestore search has not appeared in the _audit index yet

Troubleshooting

In some Linux OS distributions an error similar to OPENSSL_1.0.0 not found may appear, os.unsetenv('LD_LIBRARY_PATH') appears to fix this however AppInspect does not allow modification of OS environment variables.

If you have this issue please add this into the python files to workaround the problem as required
Refer to this issue on github for more details

Note that you can run this from the command line if the logs are not getting populated:

splunk cmd splunkd print-modinput-config splunkversioncontrol_backup splunkversioncontrol_backup://<your_input_name_goes_here>

Finally the log files are mentioned under the "Where are the logs?" section of this document

Problems with the Splunk Version Control Restore or Splunk Version Control Backup modular input

Both inputs follow a similar validation process:
- Run a request against <srcURL>/servicesNS/nobody/<remoteAppName>/search/jobs/export?search=makeresults (where remoteAppName is SplunkVersionControl unless specified)
- Run the OS command (as the user running splunk) git ls-remote <gitRepoURL>
- If the above fails, attempt to run ssh -n -o "BatchMode yes" -o StrictHostKeyChecking=no <gitRepoURL> (StrictHostKeyChecking=no makes ssh accept the remote host key without verifying it)
- If the previous step was required re-attempt the git ls-remote step again

In 7.3.0 the Splunk process will kill -9 the modular input if it takes more than 30 seconds, if this occurs you can bypass validation by updating the inputs.conf file manually

Will this work on a search head cluster?

Yes but do not configure the modular inputs to run on the search head cluster, modular inputs run on each member at the same time which would not work well. What you want to do is configure a standalone server with the modular inputs for backup/restore and set the srcURL/destURL to the remote search head cluster member (or load balanced URL) on the REST port.

This would allow the modular inputs to run backup/restore and any customers to use the dashboard on the search head cluster member to request restoration of a knowledge object

Can I use this application on Windows?

Yes, please refer to the full README.md or github for all the details

Can I use this on a Splunk Cloud instance?

This application, no. But this application can be used to backup a SplunkCloud instance from a remote Splunk instance, the same remote instance could also be used to restore to the SplunkCloud instance.

To do this you will need to install Version Control For SplunkCloud on your SplunkCloud instance, and setup this application on a remote instance configuring an interval for both the Splunk Version Control Backup and Splunk Version Control Restore modular inputs

SplunkBase Link

VersionControl For Splunk

VersionControl For SplunkCloud (stripped down version of this app for SplunkCloud)

Github Links

SplunkVersionControl github

SplunkVersionControlCloud github

Release Notes

1.1.4

Created inputs.conf to pass app inspect and force python 3 by default

1.1.3

password: syntax did not work if using a dynamic/REST based restore, now supported

1.1.2

Found a bug that stops this running on Splunk 8 / python 3

1.1.1

Corrected useLocalAuth setting so that it works as expected

Corrected imports so that post version control method works as well as the cloud version

1.1.0

Now tested on Windows and Splunk Cloud (note this version of the app is not installed on SplunkCloud, the VersionControl for SplunkCloud is the app to install on the SplunkCloud instance, this variation of the app includes only what is required to remotely backup/restore a SplunkCloud instance).

This app is still used for SplunkCloud instances, but this app is installed on-prem

Updates include:
- Updated python SDK to 1.6.13
- New options in both backup & restore so that you can specify the location of the git / SSH command
- The ability to only backup particular apps by default rather than to backup all and rely on an exclusion list (appsList)
- Support for passwords.conf instead of plain text passwords
- Proxy support
- Re-wrote the runOSProcess function so that it works on Windows as expected

The README.md has had various updates including more details around setup and how this was tested on Windows

Release Notes

Version 1.1.6
Sept. 25, 2020

Updates include:
Allow the backup process to run on search head clusters for those that wish to do this...
Corrected a bug where the lookup could be updated even if the git check-in failed
Updated python SDK to 1.6.14

Version 1.1.5
Aug. 13, 2020

Version 1.1.5 corrects a minor issue with the removal of the git temp directory
Version 1.1.4 and 1.1.3 allow password: to be used in dynamic/rest restore
Version 1.1.2 fixes an issue in python 3 / Splunk 8

Version 1.1.4
July 14, 2020

Version 1.1.4 and 1.1.3 allow password: to be used in dynamic/rest restore
Version 1.1.2 fixes an issue in python 3 / Splunk 8

Version 1.1.3
July 14, 2020

Version 1.1.3 allows password: to be used in dynamic/rest restore
Version 1.1.2 fixes an issue in python 3 / Splunk 8

Version 1.1.2
July 10, 2020

Version 1.1.2 fixes an issue in python 3 / Splunk 8

Version 1.1.1
June 18, 2020

Corrected useLocalAuth setting so that it works as expected
Corrected imports so that post version control method works as well as the cloud version

Version 1.1.0
June 9, 2020

Now tested on Windows and Splunk Cloud (note this version of the app is not installed on SplunkCloud, the VersionControl for SplunkCloud is the app to install on the SplunkCloud instance, this variation of the app includes only what is required to remotely backup/restore a SplunkCloud instance).

This app is still used for SplunkCloud instances, but this app is installed on-prem

Updates include:
- Updated python SDK to 1.6.13
- New options in both backup & restore so that you can specify the location of the git / SSH command
- The ability to only backup particular apps by default rather than to backup all and rely on an exclusion list (appsList)
- Support for passwords.conf instead of plain text passwords
- Proxy support
- Re-wrote the runOSProcess function so that it works on Windows as expected

The README.md has had various updates including more details around setup and how this was tested on Windows

Please refer to https://splunkbase.splunk.com/app/5061/ for the SplunkCloud version of this app

Version 1.0.12
May 14, 2020

Fixed missing sys import from splunkversioncontrol_rest_restore.py
Updated README.md instructions
Updated python SDK to version 1.6.12
Updated inputs.conf.spec and restmap.conf to specify python3 as the default version to pass appinspect

Version 1.0.11
March 12, 2020

Corrected errors in the import of the six library which stopped this from working
Minor updates to README.md

Version 1.0.10
March 8, 2020

Changed import to use local Splunk python SDK to ensure this works on older Splunk versions
Added the (experimental) apps list option to attempt to make this work with Splunk Cloud instances

Version 1.0.9
Oct. 31, 2019

1.0.9 provides python 3 / Splunk 8 support (no other changes), and fixes a bug in 1.0.8

Version 1.0.7 has a few major changes:
- Restoration immediately after clicking the restore button
- The previous lookup file method remains supported, the splunkversioncontrol_restore modular input must still exist, but it is not required to run on a schedule
- Changes to the way the OS processes are executed in python which makes it more reliable during validation of the modular inputs
- Improved logging

The new dashboard splunkversioncontrol_restore_dynamic is now the default dashboard and is an alternative to the splunkversioncontrol_restore dashboard, which remains lookup based (the latter dashboard assumes the splunkversioncontrol_restore modular input is running on a schedule)

Note that if you are running this app on a search head cluster, and restoring from a different server, you may wish to remove the files:
- web.conf
- restmap.conf
from the default directory; this removes the ability to trigger a remote restore

Version 1.0.8
Oct. 29, 2019

1.0.8 provides python 3 / Splunk 8 support (no other changes)

Version 1.0.7 has a few major changes:
- Restoration immediately after clicking the restore button
- The previous lookup file method remains supported, the splunkversioncontrol_restore modular input must still exist, but it is not required to run on a schedule
- Changes to the way the OS processes are executed in python which makes it more reliable during validation of the modular inputs
- Improved logging

The new dashboard splunkversioncontrol_restore_dynamic is now the default dashboard and is an alternative to the splunkversioncontrol_restore dashboard, which remains lookup based (the latter dashboard assumes the splunkversioncontrol_restore modular input is running on a schedule)

Note that if you are running this app on a search head cluster, and restoring from a different server, you may wish to remove the files:
- web.conf
- restmap.conf
from the default directory; this removes the ability to trigger a remote restore

Version 1.0.7
Sept. 11, 2019

This version has a few major changes:
- Restoration immediately after clicking the restore button rather than using lookup files
- The previous lookup file method remains supported, in fact the splunkversioncontrol_restore modular input must still exist, but it is not required to run on a schedule
- Changes to the way the OS processes are executed in python which makes it more reliable during validation of the modular inputs
- Improved logging, in particular relating to the validation procedure

The new dashboard splunkversioncontrol_restore_dynamic is now the default dashboard and is an alternative to the splunkversioncontrol_restore dashboard, which remains lookup based (the latter dashboard assumes the splunkversioncontrol_restore modular input is running on a schedule)

Note that if you are running this app on a search head cluster, and restoring from a different server, you may wish to remove the files:
- web.conf
- restmap.conf
from the default directory; this removes the ability to trigger a remote restore

Version 1.0.6
Aug. 29, 2019

Dashboard backups no longer include version attribute (appears on some dashboards and prevents restoration)
Updated README.md to include an installation and troubleshooting guide

Version 1.0.5
July 18, 2019

Additional tweak to handle first run of the backup modular input when backing up macros
Changes to the code to wipe the git directory and re-clone on failure in both the clone failure & checkout master / git pull scenarios

Testing for this app has been completed on dashboards, savedsearches, eventtypes, datamodels, fieldaliases, navmenus (update only) and a few other misc types.

If there are any issues either open a request via github or contact me on SplunkBase

If you like this app you may also be interested in Alerts For Splunk Admins https://splunkbase.splunk.com/app/3796/

Contributions welcome!

Version 1.0.4
April 6, 2019

Minor changes to the code to wipe the git directory and re-clone on failure in both the clone failure & checkout master / git pull scenarios

Testing for this app has been completed on dashboards, savedsearches, eventtypes, datamodels, fieldaliases, navmenus (update only) and a few other misc types.

If there are any issues either open a request via github or contact me on SplunkBase

If you like this app you may also be interested in Alerts For Splunk Admins https://splunkbase.splunk.com/app/3796/

Contributions welcome!

Version 1.0.3
March 19, 2019

Version 1.0.3, correction for first backup run to check that lastRunEpoch is None
Mild tweaks to logging to handle failures in the saved searches

Testing for this app has been completed on dashboards, savedsearches, eventtypes, datamodels, fieldaliases, navmenus (update only) and a few other misc types.

If there are any issues either open a request via github or contact me on SplunkBase

If you like this app you may also be interested in Alerts For Splunk Admins https://splunkbase.splunk.com/app/3796/

Contributions welcome!

Version 1.0.2
Feb. 22, 2019

Version 1.0.1/2, have improvements to logging for updated objects only, no functional changes
Version 1.0.0, improvements to logging for git related errors and auto-wipe of the git repo on failure (this handles corruption of git repos on disk)
Version 0.0.7, change of app icons only, no functional changes
Version 0.0.6, adds the sort_keys option into the python code, this should ensure the output files for git are in a consistent order (previously random). The goal is to reduce the git repository size increase over time
Added Troubleshooting section in details/README.md about "OPENSSL not found" issues on Ubuntu

Testing for this app has been completed on dashboards, savedsearches, eventtypes, datamodels, fieldaliases, navmenus (update only) and a few other misc types.

If there are any issues either open a request via github or contact me on SplunkBase

If you like this app you may also be interested in Alerts For Splunk Admins https://splunkbase.splunk.com/app/3796/

Contributions welcome!

Version 1.0.0
Feb. 13, 2019

Version 1.0.0, improvements to logging for git related errors and auto-wipe of the git repo on failure (this handles corruption of git repos on disk)
Version 0.0.7, change of app icons only, no functional changes
Version 0.0.6, adds the sort_keys option into the python code, this should ensure the output files for git are in a consistent order (previously random). The goal is to reduce the git repository size increase over time
Added Troubleshooting section in details/README.md about "OPENSSL not found" issues on Ubuntu

Testing for this app has been completed on dashboards, savedsearches, eventtypes, datamodels, fieldaliases, navmenus (update only) and a few other misc types.

If there are any issues either open a request via github or contact me on SplunkBase

If you like this app you may also be interested in Alerts For Splunk Admins https://splunkbase.splunk.com/app/3796/

Contributions welcome!

Version 0.0.8
Feb. 13, 2019

Version 0.0.8, improvements to logging for git related errors
Version 0.0.7, change of app icons only, no functional changes
Version 0.0.6, adds the sort_keys option into the python code, this should ensure the output files for git are in a consistent order (previously random). The goal is to reduce the git repository size increase over time
Added Troubleshooting section in details/README.md about "OPENSSL not found" issues on Ubuntu

Version 0.0.5, increased the timeouts for git commands to 120 seconds instead of 30 seconds as it was too short for larger repositories

Testing for this app has been completed on dashboards, savedsearches, eventtypes, datamodels, fieldaliases, navmenus (update only) and a few other misc types.

If there are any issues either open a request via github or contact me on SplunkBase

If you like this app you may also be interested in Alerts For Splunk Admins https://splunkbase.splunk.com/app/3796/

Contributions welcome!

Version 0.0.7
Feb. 12, 2019

Version 0.0.7, change of app icons only, no functional changes
Version 0.0.6, adds the sort_keys option into the python code, this should ensure the output files for git are in a consistent order (previously random). The goal is to reduce the git repository size increase over time
Added Troubleshooting section in details/README.md about "OPENSSL not found" issues on Ubuntu

Version 0.0.5, increased the timeouts for git commands to 120 seconds instead of 30 seconds as it was too short for larger repositories

Testing for this app has been completed on dashboards, savedsearches, eventtypes, datamodels, fieldaliases, navmenus (update only) and a few other misc types.

If there are any issues either open a request via github or contact me on SplunkBase

If you like this app you may also be interested in Alerts For Splunk Admins https://splunkbase.splunk.com/app/3796/

Contributions welcome!

Version 0.0.6
Feb. 8, 2019

Version 0.0.6, adds the sort_keys option into the python code, this should ensure the output files for git are in a consistent order (previously random). The goal is to reduce the git repository size increase over time
Added Troubleshooting section in details/README.md about "OPENSSL not found" issues on Ubuntu

Version 0.0.5, increased the timeouts for git commands to 120 seconds instead of 30 seconds as it was too short for larger repositories

Testing for this app has been completed on dashboards, savedsearches, eventtypes, datamodels, fieldaliases, navmenus (update only) and a few other misc types.

If there are any issues either open a request via github or contact me on SplunkBase

If you like this app you may also be interested in Alerts For Splunk Admins https://splunkbase.splunk.com/app/3796/

Contributions welcome!

Version 0.0.5
Jan. 31, 2019

Version 0.0.5, increases the timeouts for git commands to 120 seconds instead of 30 seconds as it was too short for larger repositories

Testing for this app has been completed on dashboards, savedsearches, eventtypes, datamodels, fieldaliases, navmenus (update only) and a few other misc types.

If there are any issues either open a request via github or contact me on SplunkBase

If you like this app you may also be interested in Alerts For Splunk Admins https://splunkbase.splunk.com/app/3796/

Contributions welcome!

Version 0.0.4
Jan. 22, 2019

Version 0.0.4, this has been tested and working on the knowledge objects I have tested so far (backup & restore), this includes dashboards, savedsearches, eventtypes, datamodels, fieldaliases, navmenus (update only) and a few others.
Additional features from 0.0.3 include the help menu on the Splunk Version Control Restore dashboard
And the addition of the Knowledge objects by app dashboard

Testing has been completed on 7.0.x and 7.2.x, I believe this will work just fine on 6.6 but if it does not let me know

If there are any issues either open a request via github or contact me on SplunkBase

If you like this app you may also be interested in Alerts For Splunk Admins https://splunkbase.splunk.com/app/3796/

Contributions welcome!

Version 0.0.3
Jan. 18, 2019

Version 0.0.3, this has been tested and working on the knowledge objects I have tested so far (backup & restore), this includes dashboards, savedsearches, eventtypes, datamodels, fieldaliases, navmenus (update only) and a few others.

Testing has been completed on 7.0.x and 7.2.x, I believe this will work just fine on 6.6 but if it does not let me know

If there are any issues either open a request via github or contact me on SplunkBase

If you like this app you may also be interested in Alerts For Splunk Admins https://splunkbase.splunk.com/app/3796/

Contributions welcome!

Version 0.0.2
Jan. 17, 2019

Version 0.0.2, this has been tested and working on the knowledge objects I have tested so far (backup & restore)
Testing has been completed on 7.0.x and 7.2.x, I believe this will work just fine on 6.6 but if it does not let me know

Version 0.0.1
Jan. 12, 2019

Version 0.0.1, this has been tested and working on my current instance but may require further tweaking
Note testing has been completed on 7.0.x and 7.2.x, I believe this will work just fine on 6.6 but if it does not let me know

131 Installs, 1,306 Downloads