{"id":31816519,"url":"https://github.com/splunk/splunkconf-backup","last_synced_at":"2025-10-11T09:55:51.144Z","repository":{"id":63144191,"uuid":"391055996","full_name":"splunk/splunkconf-backup","owner":"splunk","description":null,"archived":false,"fork":false,"pushed_at":"2025-10-08T14:16:06.000Z","size":5590,"stargazers_count":12,"open_issues_count":1,"forks_count":9,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-10-08T16:19:13.127Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/splunk.png","metadata":{"files":{"readme":"README.txt","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-07-30T12:24:48.000Z","updated_at":"2025-10-08T14:16:10.000Z","dependencies_parsed_at":"2023-02-13T19:15:54.076Z","dependency_job_id":"b60c80cf-47b1-4a44-89e2-caea6a10ae12","html_url":"https://github.com/splunk/splunkconf-backup","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/splunk/splunkconf-backup","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunkconf-backup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunkconf-backup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunkconf-backup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunkconf-backup/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/splunk","download_url":"https://codeload.github.com/splunk/splunkconf-backup/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunkconf-backup/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279006749,"owners_count":26084185,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-11T02:00:06.511Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-10-11T09:55:50.329Z","updated_at":"2025-10-11T09:55:51.130Z","avatar_url":"https://github.com/splunk.png","language":"Shell","readme":"Copyright 2022 Splunk Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\nhttp://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n\nContributor :\n\nMatthieu Araman, Splunk\n\nDISCLAIMER\n\nuse this content at your own risk \nmake sure your understand, evaluate and test things\nexpect possible customization effort to adapt terraforms to your cloud environnement\n \n\nThis git repo contains :\n\n- splunkconf-backup app\nthis app contains backup and purge scripts that by default do configuration, state and kvdump backups locally\nIn a cloud environnement properly configured (as in the terraforms), the app will fetch metadata from cloud and automatically push backup to remote object store so it can be used in case the instance has to be restored\nthis app is usually deployed on the non indexers components (as recreating a indexer doesnt need a backup)\nYou should plan some disk space appropriate for storing the last backups, extra copy + some space left to not block Splunk\nShould the space be reduced for any reason, the app will always try not to purge the latest backup of each type and will wait for space to be recovered to produce newer backups\n\nYou can tune the settings in the app configuration file (creating a local file)\n\nNote the app is automatically pushed and updated by the terraform recovery logic.\n\n- src\ncollection or install/check/upgrade and recovery scripts\n\nthe logic is user-data -\u003e cloud recovery -\u003e splunkconf-init\nthe cloud recovery will use backups when available\n\n- terraform \n\n\nyou can choose what to launch from a single instance to test, a deployment server (for example if the indexer/search layer is splunkcloud) , hf(s), and cluster/search head(s\n\nterraform for AWS that create cloud setup :\n- VPC\n- buckets for conf backups, install and smartstore \n- autoscaling groups\n- IAM\n- security group\n- ELB\n\nAMI can be :\nAWS1 (deprecated)\nAWS2 , RH/Centos 7/8\nNote that RH/Centos7 is working but the initial yum update is much slower than on more recent distributions\n\nDo NOT Try on Ubuntu/Debian, there is only partial support for debian at the moment in splunkconf-init\n\n- terraform-gcp\n\nversion for GCP \n(functional but less complete than AWS version at the moment , see README in directory)\n\nOS should be RH/Centos 7/8\n\n- system\npackage files for system (tar.gz deployed by the recovery, do not untar/retar outside of Linux , breaking permissions here may make your system unhappy (especially openssh))\n\n\ninstallation mode\n\n- systemd + WLM is automatically used when possible (ie all cases except AWS1)\n- partitionning for i3 ephemeral disks or gcp local ssd is automatically done\n- automatic additional swap adjustement depending on memory and disk space\n\n\nMove between prod and preprod \n- you can use tags to automatically take a backup from a prod env and inject it with dynamic conf update in a test env (depends on base apps usage)\nadditionally you need to make sure the test env is isolated (so for example there is no email alerts sent from test env to outside)\nThis functionality allow testing upgrades or other changes in a non prod env\n\n\n\n\nNote on requirements :\n\nthe terraform expects :\n- mapping between cloud zone and site id in Splunk (they are changed automatically depending where the indexer is started)\n- your Splunk configuration was made with base apps (at least for clustering and site)\n\n\nAt the moment, the terraform are provisioning the cloud infrastructure NOT the splunk configuration itself in general\n\nThe Splunk deployment in normal conditions (ie outside of failures events) is just behaving like a normal Splunk deployment (the cloud automation will recover from host or zone failures)\nThe usual requirements from Splunk on versions, upgrade requirements, configuration, apps and so are still applicable.\n\n\nDocs :\nDocs are currently spread over multiple parts in each directories\nThey are being moved and organized over https://github.com/splunk/splunkconf-backup/wiki as time goes\n\n\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsplunk%2Fsplunkconf-backup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsplunk%2Fsplunkconf-backup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsplunk%2Fsplunkconf-backup/lists"}