Splunk - Rollback to Previous Version of "inputs.conf" File
Log In or Register to download the BES file, and more.

0 Votes

Versioning - This is the latest version.

1Splunk - Rollback to Previous Version of "inputs.conf" File3/20/2015 6:45:13 AM
2Splunk - Rollback to Previous Version of "inputs.conf" File3/25/2015 10:36:08 AM

Description

Used to revert back changes to "inputs.conf" on Splunk Forwarders.

This task is used in conjunction with the task found here: Splunk - Add "monitor" to Splunk Forwarders

Property Details

ID4008
StatusProduction - Fully Tested and Ready for Production
TitleSplunk - Rollback to Previous Version of "inputs.conf" File
DomainBESC
SourceInternal
Source Release Date3/9/2015 12:00:00 AM
Keywordssplunk forwarder, inputs.conf, inputs
Added by on 3/25/2015 10:36:08 AM
Last Modified by on 3/25/2015 10:42:06 AM
Counters 3060 Views / 0 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

Used in 1 fixlet   * Results in a true/false
Show indented relevance
if windows of operating system then exists file whose (name of it starts with "inputs.conf.bak.") of folder "C:\Program Files\SplunkUniversalForwarder\etc\system\local" else exists file whose (name of it starts with "inputs.conf.bak.") of folder "/opt/splunkforwarder/etc/system/local"

Actions

Action 1 (default)

Action Link Click here to deploy this action.
Script Type BigFix Action Script
//Query user for the change number used to make the change. This will define the specific inputs.conf file to revert back to.
action parameter query "rfcReference" with Description "Enter the change control number used to create the backup. (Example: CXXXXXXX)"

//Define path to inputs.conf file needing to be altered
if {name of operating system contains "Win"}
parameter "filePath"="C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf"
elseif {name of operating system does not contain "Win"}
parameter "filePath"="/opt/splunkforwarder/etc/system/local/inputs.conf"
endif

//Check that a backup for that RFC number exists
continue if {exists file ((parameter "filePath" of action as string) & ".bak." & (parameter "rfcReference" of action as string))}

//Stop the Splunk service
if {name of operating system contains "Win"}
dos net stop splunkforwarder
elseif {name of operating system contains "Linux"}
delete __appendfile
appendfile service splunk stop
wait chmod +x "{(client folder of current site as string) & "/__appendfile"}"
run "{(client folder of current site as string) & "/__appendfile"}"
elseif {name of operating system contains "Sun"}
delete __appendfile
appendfile /opt/splunkforwarder/bin/splunk stop
wait chmod +x "{(client folder of current site as string) & "/__appendfile"}"
run "{(client folder of current site as string) & "/__appendfile"}"
endif

//Remove the current inputs.conf file and rename the backup
delete "{parameter "filePath" of action as string}"
move "{parameter "filePath" of action as string}.bak.{parameter "rfcReference" of action as string}" "{parameter "filePath" of action as string}"

//Clear any locked files
if {name of operating system contains "Win"}
dos "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" clean locks
elseif {name of operating system contains "Linux"}
delete __appendfile
appendfile ./splunk clean locks
wait chmod +x "{(client folder of current site as string) & "/__appendfile"}"
run "{(client folder of current site as string) & "/__appendfile"}"
elseif {name of operating system contains "Sun"}
delete __appendfile
appendfile /opt/splunkforwarder/bin/splunk clean locks
wait chmod +x "{(client folder of current site as string) & "/__appendfile"}"
run "{(client folder of current site as string) & "/__appendfile"}"
endif

//Start the Splunk service
if {name of operating system contains "Win"}
dos net start splunkforwarder
elseif {name of operating system contains "Linux"}
delete __appendfile
appendfile service splunk start
wait chmod +x "{(client folder of current site as string) & "/__appendfile"}"
run "{(client folder of current site as string) & "/__appendfile"}"
elseif {name of operating system contains "Sun"}
delete __appendfile
appendfile /opt/splunkforwarder/bin/splunk start
wait chmod +x "{(client folder of current site as string) & "/__appendfile"}"
run "{(client folder of current site as string) & "/__appendfile"}"
endif
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!