A simple backup for Splunk. This program connects to a Splunk instance using an admin-enabled account and transfers knowledge elements from the instance, storing them as XML files on your local system.
This program was written to allow us to commit changes made on our Splunk cloud instance into git (on a nightly basis), allowing a certain amount of source control.
To run the program, edit it to provide the details of how to connect to your Splunk instance (search for the # CHANGE HERE comments in the code), then run it with no parameters, e.g.:
$ python ./splackup.py
This has been tested on Python 2.7 using requests, xml, os, urllib2 and re libraries.
The code will produce a services and a servicesNS directory in the current directory to store the elements. The elements will be named object-0.xml. At the moment the program only saves elements that return a single result; however, it can easily be made to save list elements as well. If you modify
if searchSize==1:
to save lists (for example if searchSize>0), note that the file will be named object-page.xml, where the page size is defined by pageSize, so you may see several object files for larger lists.
As we wish to send the data into git, we currently remove 2 elements:
<updated> ...</updated>
and
<s:key name="next_scheduled_time"> ... </s:key>
These elements vary even if the element has not been changed. If you don't need or want this, search for the lines containing start=re.sub and comment them out.
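The effect of stripping these two elements, shown as an added example that is not splackup's own code. The function name strip_volatile, the regular expressions and the sample XML are constructed for illustration; the program's actual re.sub lines may differ.

```python
import re

# Patterns for the two volatile elements named above. DOTALL lets a match
# span line breaks; the non-greedy body stops at the first closing tag.
VOLATILE = [
    re.compile(r'[ \t]*<updated>.*?</updated>\n?', re.DOTALL),
    re.compile(r'[ \t]*<s:key name="next_scheduled_time">.*?</s:key>\n?',
               re.DOTALL),
]

def strip_volatile(xml_text):
    """Return xml_text with the volatile elements removed."""
    for pattern in VOLATILE:
        xml_text = pattern.sub('', xml_text)
    return xml_text

# Constructed sample: one saved search as it might look on two nightly runs.
TEMPLATE = """<entry>
  <title>Failed logins</title>
  <updated>%(updated)s</updated>
  <content type="text/xml">
    <s:dict>
      <s:key name="cron_schedule">0 * * * *</s:key>
      <s:key name="next_scheduled_time">%(next_run)s</s:key>
      <s:key name="search">%(search)s</s:key>
    </s:dict>
  </content>
</entry>
"""

def render(updated, next_run, search):
    return TEMPLATE % {"updated": updated, "next_run": next_run,
                       "search": search}

# Same object on consecutive nights, then the same object after a real edit.
night1 = render("2020-01-01T02:00:00+00:00", "2020-01-01 03:00:00 UTC",
                "index=auth action=failure")
night2 = render("2020-01-02T02:00:00+00:00", "2020-01-02 03:00:00 UTC",
                "index=auth action=failure")
edited = render("2020-01-02T02:00:00+00:00", "2020-01-02 03:00:00 UTC",
                "index=auth action=failure user=admin")

if __name__ == "__main__":
    print("raw files identical:      %s" % (night1 == night2))
    print("stripped files identical: %s"
          % (strip_volatile(night1) == strip_volatile(night2)))
    print("real edit still visible:  %s"
          % (strip_volatile(night1) != strip_volatile(edited)))
```

Without the stripping, every nightly commit would touch every scheduled object, burying genuine changes to searches in timestamp noise.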
The init.sh and update.sh scripts are provided as examples of how you can use this program to back up to a git repo. You'll need to modify init.sh to contain the details of your repository, and also provide the git_dsa file needed to connect to your repository.
Please see CONTRIBUTING.md.
This is released under a modified version of the BSD licence. Please see LICENCE.md.