Splunk® Phantom App for Splunk

Install and Upgrade the Splunk Phantom App for Splunk

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Splunk® Phantom App for Splunk. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Backup and restore configuration files for Splunk Phantom App for Splunk

Instructions to backup and restore the Splunk Phantom App for Splunk configuration files.

Backup the Splunk Phantom App for Splunk configuration files

To backup the Splunk Phantom App for Splunk configuration files, save a copy of the /local directory on your Splunk instance. The default location is:

/opt/splunk/etc/apps/phantom/local

Restore the Splunk Phantom App for Splunk configuration files

Perform the following tasks to restore the Splunk Phantom App for Splunk configuration files.

  1. Install the latest version of the Splunk Phantom App for Splunk.
  2. On the Splunk platform, move the Splunk Phantom App for Splunk backup /local configuration files into the current /local directory.
    cp <path of backup>/*.conf /opt/splunk/etc/apps/phantom/local
  3. Restart the Splunk platform.
    /opt/splunk/bin/splunk restart
Last modified on 13 January, 2021
PREVIOUS
Use adaptive response relay to send notable events from Splunk ES to Splunk Phantom
  NEXT
Upgrade the Splunk Phantom App for Splunk

This documentation applies to the following versions of Splunk® Phantom App for Splunk: 2.7.5, 3.0.5, 4.0.10, 4.0.35


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters