Releases: gjanders/SplunkVersionControl
1.2.8
1.2.7
1.2.6
1.2.5
Updates to:
splunkversioncontrol_backup_class.py
splunkversioncontrol_restore_class.py
To remove passwords in more cases
Updates to dashboards:
splunkversioncontrol_restore.xml
splunkversioncontrol_restore_dynamic.xml
To provide a drop down list of available knowledge objects in addition to the text field option
Updated reports:
SplunkVersionControl CheckAdmin - simplified to use the Splunk users list
splunk_vc_kom_audit_summary - updated to ignore the manager URIs and handle proxied REST calls from the KOM report
1.2.4
Updated splunk_vc_kom_audit_summary report
Added i=StanzaName to the indexed data when running the audit query
Now attempting to hide (most) passwords from the logs by default (for example when an OS error occurs don't print the stdout including the password in use)
git diff now uses --no-pager to prevent truncation of the diff command with -U0 (no context)
New options:
disable_file_deletion - do not delete files in remote git repo that are not found during backup, useful for testing
use_wdiff - sends the output of the diff command to Unix command wdiff to provide a nicer diff output
Updated report:
SplunkVersionControl ChangeDetector Non-Directory now excludes the CIM Risk and Incident_Management datamodels as they update very frequently with close to zero changes (calculationId changes only)
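The password hiding described for 1.2.4 can be pictured with the sketch below, which redacts a failed command's output before it is logged. This is an added example, not code from SplunkVersionControl; the helper names `redact`, `run_logged` and `demo`, the sample URL and the password `Hunter2` are all constructed for illustration.

```python
import logging
import re
import subprocess
import sys
from urllib.parse import quote

logger = logging.getLogger("redaction_example")  # hypothetical logger name

# userinfo part of a URL, e.g. https://user:secret@host/repo.git
URL_CREDS = re.compile(r"(?P<scheme>[a-zA-Z][a-zA-Z0-9+.-]*://)[^/\s:@]+:[^/\s@]+@")


def redact(text, secrets=()):
    """Mask URL-embedded credentials and any explicitly known secret values."""
    text = URL_CREDS.sub(r"\g<scheme>***:***@", text)
    for secret in secrets:
        if not secret:  # an empty string would match at every position
            continue
        # Also cover the percent-encoded form a secret takes inside a URL.
        for form in {secret, quote(secret, safe="")}:
            text = text.replace(form, "********")
    return text


def run_logged(argv, secrets=()):
    """Run a command; on failure, log only redacted argv, stdout and stderr."""
    proc = subprocess.run(argv, capture_output=True, text=True)
    out, err = redact(proc.stdout, secrets), redact(proc.stderr, secrets)
    if proc.returncode != 0:
        logger.error("command failed rc=%d argv=%s stdout=%s stderr=%s",
                     proc.returncode, redact(" ".join(argv), secrets), out, err)
    return proc.returncode, out, err


def demo():
    # Constructed stand-in for a failing git call that echoes its remote URL.
    child = ("import sys; print('fatal: unable to access "
             "https://svc:Hunter2@git.example.invalid/repo.git'); "
             "sys.stderr.write('auth failed for password Hunter2'); sys.exit(128)")
    return run_logged([sys.executable, "-c", child], secrets=["Hunter2"])


if __name__ == "__main__":
    print(demo())
```

Redacting the argument list as well as stdout and stderr matters because an http/https remote URL with embedded credentials appears in the command line itself.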
1.2.3
1.2.2
This version includes a few changes, including two new parameters on the version control backup:
run_ko_query - if enabled this runs a Splunk savedsearch and adds the additional information of tag=git_tag_name into the output of the modular input which is then indexed
run_ko_diff - if enabled in combination with run_ko_query this additionally adds a diff=git_difference_result from comparing the new version with HEAD~1
To run the query, the macro splunk_vc_ko_query should be configured to point to an appname:searchname; the default is splunk_kom:splunk_vc_kom_audit_summary
If you have the Knowledge Object Overview App for Splunk (https://splunkbase.splunk.com/app/5399/) installed then there is a savedsearch called splunk_vc_kom_audit_summary which can be moved or copied into the splunk_kom app for this new functionality to work as expected
In addition, the field qualifiedSearch is no longer backed up for savedsearches
Boolean tickboxes are now used for options that should be true or false
Also attempted to improve the error logging for failed OS process execution
Fixed a few misc bugs related to setting email address/name in the git repo among others
1.2.1
This version includes some changes that should reduce the storage size of savedsearches, in particular:
- listDefaultActionArgs=false is now used on the savedsearches REST endpoint
- display.visualizations.* is only backed up if display.general.type = visualizations, this should reduce the storage size of savedsearches
Note that I have also created https://ideas.splunk.com/ideas/EID-I-1052 as a request to have a way to see the output of savedsearches that is closer to matching the filesystem rather than including 100s of default configuration lines in each savedsearch entry (256 display.visualizations.* attributes per savedsearch in my prod environment at the time of writing)
1.2.0
This version includes a few major changes:
- file_per_ko mode, disabled by default; if enabled, outputs 1 file per knowledge object instead of including all knowledge objects of a type within 1 file
- next_scheduled_time attribute removed from savedsearches (this results in fewer unnecessary git commits)
- code updated so that newlines are used in the json files; this makes the files stored in git more human readable and makes it easier to see what changed between backups
- support added for http/https based git repositories in addition to ssh-based repos
If you would like to use file_per_ko this will result in a lot more files in the git repository but this will make it easier to see the history of changes in each file
Note that you must set file_per_ko to true in both the backup & restore for this to work as expected, also if you change the setting you will need to re-create or wipe the repo as the files are stored differently
Updated all dashboards to include version="1.1" tag as required by new Splunk versions
Updated to Splunk python SDK 1.1.16
This version fixes a bug introduced by 1.1.13; version 1.1.13 was removed from SplunkBase due to an error in the code