Splunk Phantom backup tools
Use the ibackup.pyc tool to create, manage, and restore backups.
Logs for each run of the tool are written to /var/log/phantom/backup/backup.log.
Completed backups are stored in <PHANTOM_HOME>/phantom/data/backup.
If you are using an unprivileged installation, the logs are written to <PHANTOM_HOME>/var/log/phantom/backup/backup.log.
You can find a repository of staging files for the PostgreSQL database backup in <PHANTOM_HOME>/data/ibackup/repo/pg.
ibackup.pyc arguments
The following table shows the ibackup.pyc arguments:
| Argument | Description |
|---|---|
| -h, --help | Shows the ibackup.pyc tool help message and exits. |
| --setup | Prepares the instance or cluster for backup and restore. |
| --max-cores <value> | Specifies the maximum number of processing cores allowed for database backup and restore operations. The default value is two cores. |
| --backup | Performs a backup. |
--restore <path/to/backup/>
|
Performs a restore. You must provide a path to the the last backup tar file to perform a restore. |
| --set-pgbackrest-repo <path to repository> | Sets the path of the pgbackrest repository. |
| --backup-components | Selectively backs up specific Phantom components. The default is all components.
You must specify the same components for For example: |
| --config-only | Backups include only configuration data. This always creates a full backup of configuration data. Incremental backup of configuration data is not supported.
Using the |
| --restore-components <components> | Selectively restores specific Phantom components. The default is all components.
The following components are valid components:
For example: |
| --list-backups | Lists existing backups and their state. Use with --verbose for more detailed output.
|
| --delete-all | Deletes all backups. This action is irreversible. |
| --delete-backup-group <group number> | Deletes a full backup group. Takes an integer that represents the backup group to delete. |
| --version | Shows the ibackup.pyc tool version number and exit. |
--backup-path <path/to/store/backups>
|
Overrides the default backup path <PHANTOM_HOME>/phantom/data/backup. Takes a directory path for the directory where backups will be stored.
|
| --backup-type <full,incr> | Backup type. Using "full" creates a new full backup. Using "incr" creates an incremental on top of the current full backup.
If no full backup is taken and "incr" is given, the backup type defaults to "full". The default option if none is specified is "incr". |
| --set-full-backup-limit <value> | Sets the maximum number of full backups allowed at once. Automatically rotates once the limit is reached. |
| --verbose | Writes debug-level log information to the console. |
| --list-settings | Lists the current settings for ibackup. |
| --no-prompt | Automatically responds with "yes" to all prompts from ibackup. |
| The following option has been removed. | |
| --force-pg-stop-backup | Runs pg_stop_backup against the current PostgreSQL database.
|
| Restore from a backup | Use ibackup.pyc with warm standby |
This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.10, 4.10.1, 4.10.2, 4.10.3
Download manual
Feedback submitted, thanks!