The output of the above will produce .zip files that contain your Splunk index which you can move or backup to a different location:
A Python-based GUI/CLI hybrid tool for managing Splunk indexes, including creation, deletion, and backup/restore operations.
- Create, delete, and manage Splunk indexes with simple menu-driven operations
- View index sizes with automatic MB/GB conversion for easy monitoring
- Intelligent filtering of system indexes and default destinations
- Complete index backup including all data files and empty directories
- Optional password protection for sensitive backup archives
- Full restore functionality with automatic configuration updates
- Color-coded console output with intuitive symbols (✓ ✗ ⚠)
- Progress bars and animations for long-running operations
- Context-aware confirmation prompts for destructive actions
- Persistent configuration storage for Splunk path and credentials
- Batch operations (backup + delete in one step)
- Works across Windows, Linux, and macOS platforms
- Automatic index size calculation before operations
- Visual warnings for large indexes (>2GB)
- Smart filtering of system/main indexes from management lists
- Python 3.7 or higher
- Splunk installed on the system
- Valid Splunk credentials
- Clone the repository:
git clone https://github.com/dfirvault/Splunk-Case-Manager.git cd splunk-manager -
python splunk_manager.py
Backups are created as ZIP files containing: The complete index folder structure (including empty directories) The index's .dat file Optional password protection
The configuration file (config.txt) stores: Splunk binary path Username (in plaintext - see Security Note) Password (in plaintext - see Security Note)
MIT License - See LICENSE file
Pull requests are welcome. For major changes, please open an issue first to discuss proposed changes.