Skip to content
/ splunk_frozen_db_restore Public

Script to restore splunk frozen databases that containt events in a specific timeframe

3 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tuwid/splunk_frozen_db_restore

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

README.md

README.md

 
 

splunk_frozen_db_restore.py

splunk_frozen_db_restore.py

 
 

Repository files navigation

splunk_frozen_db_restore

Script to restore splunk frozen databases that containt events in a specific timeframe

Usage:

root@XXXXXX:~# python splunk_frozen_db_restore.py
We're using the default index path, for custom indexes please adjust the path variable here
Enter index:winevents_security
Enter start date: (eg 30.12.2015): 31.12.2015
Enter end date: (eg 30.12.2015): 01.01.2016
[+] Searching dates on index winevents_security
in /opt/splunk/var/lib/splunk/winevents_security/frozendb/
1451516400
1451602800
Got 313 elements from /opt/splunk/var/lib/splunk/winevents_security/frozendb/
Found : db_1452350660_1451453107_329
[+] Copying databases into thaweddb..
cp -R /opt/splunk/var/lib/splunk/winevents_security/frozendb/db_1452350660_1451453107_329 /opt/splunk/var/lib/splunk/winevents_security/thaweddb/
[+] Rebuilding DBs
splunkd fsck repair --one-bucket --include-hots --bucket-path=/opt/splunk/var/lib/splunk/winevents_security/thaweddb/db_1452350660_1451453107_329 --log-to--splunkd-log
root@XXXXXX:~#

About

Script to restore splunk frozen databases that containt events in a specific timeframe

Resources

Readme
Activity

Stars

3 stars

Watchers

4 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages