This documentation does not apply to the most recent version of Splunk® Phantom App for Splunk.
For documentation on the most recent version, go to the latest release.
Backup and restore configuration files for Splunk Phantom App for Splunk
On Splunk Enterprise, you can backup and restore the Splunk Phantom App for Splunk configuration files in case you encounter any problems with the upgrade process overwriting your existing configuration files.
Backup the Splunk Phantom App for Splunk configuration files
To backup the Splunk Phantom App for Splunk configuration files, save a copy of the /local directory on your Splunk Enterprise instance. The default location is:
/opt/splunk/etc/apps/phantom/local
Restore the Splunk Phantom App for Splunk configuration files
Perform the following tasks to restore the Splunk Phantom App for Splunk configuration files.
- Install the latest version of the Splunk Phantom App for Splunk.
- On Splunk Enterprise, move the Splunk Phantom App for Splunk backup
/localconfiguration files into the current/localdirectory.cp <path of backup>/*.conf /opt/splunk/etc/apps/phantom/local
- Restart Splunk.
/opt/splunk/bin/splunk restart
Last modified on 27 May, 2021
| Configure how Splunk Phantom and Splunk SOAR handle multivalue fields in Splunk ES notable events | Troubleshoot the Splunk Phantom App for Splunk |
This documentation applies to the following versions of Splunk® Phantom App for Splunk: 4.1.3
Download manual
Feedback submitted, thanks!