
Splunk Timestamp Fix

12-04-2019

Language or Platform: Python

Code:

import os
import shutil
import fileinput

# www.trigat.com

# ABOUT
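# For each Splunk forwarder server in the list, this backs up the existing datetime.xml
# as datetime.xml.old (same etc directory, reached over the server's C$ share).
# The new datetime.xml is then copied to the Splunk forwarder server.
# Running it again overwrites datetime.xml.old, so keep the original elsewhere if you may need to roll back.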

# SETUP
# Place the new Splunk datetime.xml file in the same directory as this Python program
# Place a serverlist.txt file with a list of forwarder-server names in the same directory as well
# (One server name per line)

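def uploadfile(servername):
    """Copy the local datetime.xml to a forwarder's Splunk etc directory.

    Every entry in the current working directory whose name ends with
    "datetime.xml" is copied to
    //<servername>/c$/Program Files/SplunkUniversalForwarder/etc/.

    A failed copy is reported on stdout rather than silently discarded, so a
    host that did not receive the new file shows up in the run output.
    Nothing is raised for a failed copy; the function returns None.
    """
    # The raw string keeps the path as written, including the space in "Program Files".
    dest = '//' + servername + r'/c$/Program Files/SplunkUniversalForwarder/etc/'
    # NOTE: endswith() also matches names such as "old-datetime.xml"; keep only
    # the file you intend to push in this directory.
    for name in os.listdir("."):
        if not name.endswith("datetime.xml"):
            continue
        try:
            shutil.copy(name, dest)
        except OSError as err:
            # OSError covers missing shares, permission errors and shutil.Error.
            # Unlike a bare except, it does not trap KeyboardInterrupt, so the
            # operator can still abort a run across many servers.
            print(" Failed to copy {} to {}: {}".format(name, dest, err))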

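def copyremotely(servername):
    """Back up a forwarder's datetime.xml, then push the new one to it.

    The existing file under
    //<servername>/c$/Program Files/SplunkUniversalForwarder/etc/ is copied
    to datetime.xml.old in the same directory, after which uploadfile() is
    called for the host. Hosts where datetime.xml is not found are skipped.

    A blank server name is ignored, because it would produce a path with no
    host component. If the backup cannot be written, the upload is skipped so
    the current file is never replaced without a saved copy.

    NOTE: shutil.copyfile overwrites an existing datetime.xml.old, so a second
    run replaces the first backup.
    """
    if not servername:
        # Typically a blank line in serverlist.txt.
        return
    print(servername)
    etc_dir = '//' + servername + r'/c$/Program Files/SplunkUniversalForwarder/etc/'
    splunk_file = 'datetime.xml'
    current = os.path.join(etc_dir, splunk_file)
    if not os.path.isfile(current):
        # Nothing to replace on this host (or the share is unreachable): move on.
        return
    print(current)
    try:
        shutil.copyfile(current, os.path.join(etc_dir, splunk_file + '.old'))
    except OSError as err:
        # Report the real cause; a bare except here also hid Ctrl-C.
        print(" Backup of {} failed, upload skipped: {}".format(current, err))
        return
    try:
        uploadfile(servername)
    except OSError as err:
        print(" Upload to {} failed: {}".format(servername, err))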

def start():
    """Process every host named in serverlist.txt, one name per line.

    Each line is stripped of surrounding whitespace and handed to
    copyremotely(); the file is read from the current working directory.
    """
    with open("serverlist.txt", "r") as server_list:
        entry = server_list.readline()
        while entry:
            copyremotely(entry.strip())
            entry = server_list.readline()

# Module-level entry point: there is no __main__ guard, so the rollout to every
# listed server begins as soon as this file is run or imported.
start()

'''

# You can use PowerShell to restart the Splunk service on your list of servers/forwarders:

$computers = gc C:\Users\USERNAME\Desktop\splunk_update\serverlist.txt
ForEach($computer in $computers) {
    Get-Service -Name 'SplunkForwarder Service' -ComputerName $computer | Restart-Service -PassThru
    Write-Host "Restarted Splunk service on $computer."
}

'''
