Splunk® Business Flow (Legacy)

Admin Manual

Splunk Business Flow is no longer available for purchase as of June 20, 2020. Customers who have already purchased Business Flow will continue to have support and maintenance per standard support terms for the remainder of contractual commitments.

Back up and restore your SBF registration information

After you install the Splunk Business Flow (SBF) app, you can generate a ZIP file to back up the SBF registration information.

Why back up your registration information?

Backing up your registration information allows you to restore the app on the existing search head or migrate it to a different search head. Suppose you have more than one search head in your deployment. For example, as a Splunk administrator, you might want to try out the SBF app on one search head before migrating it to another search head with more users.

What's in the backup file?

The backup file sbf_backup.zip contains your SBF registration information: the tenant ID, registration ID, PEM files, PEM password, and the SBF production environment URL. The backup file does not contain any event data or Flow Model definitions. The registration data includes a public and private key pair that is used to authenticate and encrypt the server-to-server communication between your Splunk search head and the Splunk Business Flow Hosted Environment.

What happens when you back up and restore your SBF registration information on a search head cluster

The following example outlines what happens when you back up and restore your SBF registration information on a search head cluster. If you use a Deployer, you might not need to install SBF on more than one search head. To see if this applies to you, see Use the deployer to distribute apps and configuration updates in the Splunk Enterprise Distributed Search Manual.

Suppose you are a business analyst at the fictitious Buttercup Games company. Your company's Splunk deployment has two search head clusters, one for development and one for production. Each cluster contains three search heads. You have installed the app on one search head in the development cluster and backed up your SBF registration information. In the production cluster, SBF is installed on two search heads.

After trying out the app on the development search head, you decide to migrate the SBF app to the production search head cluster. You install the SBF app on two search heads in the production cluster. You need to restore your registration information on only one search head in the production cluster. After you perform the restore, both installations of the SBF app in the production cluster contain your SBF registration information.

The following diagram illustrates a high-level overview of your Splunk deployment and the backup and restore process at Buttercup Games. There are two clusters: a development cluster and a production cluster, each of which contains three search heads. In the development cluster, SBF is installed on one search head. In the production cluster, SBF is installed on two search heads. Even though there are two installations of SBF in the production cluster, you only need to perform the restore once.

Back up your registration information

Generate the sbf_backup.zip file to back up your registration information.

Prerequisites

Set the $SPLUNK_HOME environment variable if it hasn't been set already. To check if the environment variable is set up and to set the path, see Set $SPLUNK_HOME in the Splunk Dev portal.

Store the backup file securely because it contains sensitive information.

Steps

  1. At the command line, enter the following command, replacing <YOUR_ZIP_PATH> with your file path:
    $SPLUNK_HOME/bin/splunk cmd python $SPLUNK_HOME/etc/apps/splunk-business-flow/sbf_backup.py backup <YOUR_ZIP_PATH>
  2. Confirm the Splunk admin REST URL, localhost:8089.
  3. Enter your Splunk admin username and password.
    The script returns the path of the backup file sbf_backup.zip.

Restore your SBF registration information

After you generate the sbf_backup.zip file, you can restore your SBF registration information on the same search head or migrate it to a different search head.

Steps

  1. (Optional) To migrate your SBF registration information to a different Splunk search head than the one where you originally registered it, copy the sbf_backup.zip file to the desired directory.
  2. At the command line, enter the following command, replacing <YOUR_ZIP_PATH> with your file path:
    $SPLUNK_HOME/bin/splunk cmd python $SPLUNK_HOME/etc/apps/splunk-business-flow/sbf_backup.py restore <YOUR_ZIP_PATH>
  3. Enter your Splunk admin username and password.
    If the restore is successful, the script returns the following statement: Done performing restore.
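
The following shell functions are an added example, not part of the Splunk documentation or the SBF app. They restrict sbf_backup.zip to its owner after the backup step, then check its permissions and SHA-256 digest before the restore step. The function names are hypothetical, and the example assumes a Linux search head with sha256sum available.

```shell
#!/bin/sh
# Added example: protect the sbf_backup.zip file, which holds the PEM
# private key and PEM password, between backup and restore.
# Function names are hypothetical; sha256sum (GNU coreutils) is assumed.

# lock_down_backup FILE
# Run after the backup step. Makes FILE readable and writable by its owner
# only, then prints its SHA-256 digest so it can be recorded elsewhere.
lock_down_backup() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
    chmod 600 "$1" || return 1
    sha256sum "$1" | cut -d' ' -f1
}

# check_backup FILE DIGEST
# Run before the restore step, for example after copying FILE to another
# search head. Succeeds only if group and others have no access to FILE
# and FILE still matches the recorded DIGEST.
check_backup() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    case $(ls -ld "$1" | cut -c5-10) in
        ------) ;;
        *) echo "group or others can access $1" >&2; return 1 ;;
    esac
    [ "$(sha256sum "$1" | cut -d' ' -f1)" = "$2" ] || {
        echo "digest mismatch for $1" >&2
        return 1
    }
}

# Typical use around the documented commands (ZIP is the path that the
# backup script returned):
#   digest=$(lock_down_backup "$ZIP")
#   ... copy "$ZIP" to the target search head ...
#   check_backup "$ZIP" "$digest" && \
#     "$SPLUNK_HOME/bin/splunk" cmd python \
#       "$SPLUNK_HOME/etc/apps/splunk-business-flow/sbf_backup.py" restore "$ZIP"
```

Record the digest somewhere other than alongside the ZIP file, so that a modified copy cannot carry a matching digest with it.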
Last modified on 21 January, 2020

This documentation applies to the following versions of Splunk® Business Flow (Legacy): -Latest-

