My question is pretty simple. Is there an easy way to export all the searches/reports and alerts created by every user from one Splunk indexer instance to another instance? My only suggestion for this problem was to locate all savedsearches.conf from every user, create the users on my new machine, and copy all the .conf files. So my question is if there's an easier way to do this.
Not sure if this helps you, but I stumbled upon this in Splunk Docs: https://docs.splunk.com/Documentation/Splunk/7.1.2/Installation/MigrateaSplunkinstance
Does anything in there help?
Copy the entire users directory?
What is it exactly that you are trying to do? And why?
Were you able to solve your problem? If so, please describe how you were able to do this in an answer post.
If your problem is still not solved, keep us updated so that someone else can help ya.
Thanks for posting!
It's easy, just copy those XML files from views and the savedsearch file to another app, or create a new one and copy.
Thanks @felipesewaybricker .
I have tried it and it is working perfectly. But I need to create documentation on this, so I need the Splunk-suggested documents. Could you please add any Splunk documentation links?
This post looks helpful:
and creating searches using REST API
Unfortunately, that is as much as I can show because I do not have access to the REST API in my environment.
Something to keep in mind when doing this sort of migration: just copying the user data will likely not be sufficient for everything to work properly. You will also need to ensure that any knowledge objects used by existing reports (field extractions, lookups, etc.) are migrated as well.
If this is a case where you are replacing your search head with a new one, it would make the most sense to perform a migration of the configuration to ensure everything is moved over.
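For the file-copy approach discussed in this thread, an inventory of every savedsearches.conf taken on the old and the new instance shows whether any user's searches were missed. The script below is an added example, not code from any poster or from Splunk; it assumes the standard layout (`etc/users/<user>/<app>/local` for private objects, `etc/apps/<app>/local` for app-level ones), and the user, app and search names in the sample tree are constructed.

```python
import os
import re
import tempfile

STANZA = re.compile(r"^\[(.+)\]\s*$")
def stanzas(conf_path):
    """Stanza names in a .conf file, skipping '[' lines inside a continued value."""
    names, continued = [], False
    with open(conf_path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.rstrip("\r\n")
            m = STANZA.match(line)
            if m and not continued and m.group(1) != "default":
                names.append(m.group(1))
            continued = line.endswith("\\")  # search continues on the next line
    return names

def inventory(etc_dir):
    """Map (scope, owner, app) -> saved search names under a Splunk etc directory."""
    found = {}
    for root, _dirs, files in os.walk(etc_dir):
        if "savedsearches.conf" not in files:
            continue
        parts = os.path.relpath(root, etc_dir).split(os.sep)
        if parts[0] == "users" and len(parts) == 4 and parts[3] == "local":
            key = ("private", parts[1], parts[2])   # users/<user>/<app>/local
        elif parts[0] == "apps" and len(parts) == 3 and parts[2] == "local":
            key = ("app", "-", parts[1])            # apps/<app>/local
        else:
            continue
        found[key] = stanzas(os.path.join(root, "savedsearches.conf"))
    return found

def build_sample(etc_dir):
    """Constructed sample tree; user, app and search names are made up."""
    samples = {
        "users/alice/search/local": "[Failed logins]\nsearch = index=auth action=failure \\\n[ inputlookup vip_users ]\n\n[Disk alert]\nsearch = index=os\n",
        "apps/search/local": "[default]\n\n[Shared report]\nsearch = index=web\n",
    }
    for rel, text in samples.items():
        d = os.path.join(etc_dir, *rel.split("/"))
        os.makedirs(d)
        with open(os.path.join(d, "savedsearches.conf"), "w", encoding="utf-8") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(inventory(tmp))
```

Run `inventory()` against the `etc` directory of both instances and compare the two dictionaries; a key present only on the old side is a user or app whose searches were not copied.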