To programatically complete the move, do the following:
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/myapp/saved/searches/mysearch/move \ -d user=nobody \ -d app=otherapp
all alerts are setup in your
savedsearches.conf (there could by multiple files!) you must check for any action.* items, because this will define an alert. Copy all the stanza alerts that you want to move into a new
savedsearches.conf file, then copy and paste the file into your target application (in the default directory or local).
then you restarted splunk and everything will work.
for more informations about
savedsearches.conf, see this link:
In Splunk web , go to Setting- -> Searches, reports, and alerts in Actions column click on clone of your existing alert, in open form choose your new app in Destination app ** dropdown and **save
Assuming that you do not have CLI access to your Search Head and that you do not have a Deployment Server, then, if you have several in one app and need to move them to another app you can export both apps using the app exporter tool, hand merge them and then upgrade the app with the merged app zip/tgz file:
Just to update, if anyone want to move mutiple knowledge objects from one app to another then it'll be pain in Splunk WebGUI because you need to move knowledge object one by one, to simplified this I have created python script which uses Splunk REST API to move multiple knowledge objects https://github.com/harsmarvania57/splunk-ko-change (NOTE: Please use that script at your own risk :P)