Hi,
I have been migrating Splunk's alerts and dashboard from one instance to another by transferring the .xml files (for dashboard) and the saversearches.conf files (for alerts) from the old instance to another one.
However, there must be some way to automate this so other people in my team can do it with ease and efficiency by using the app.
Is there a documentation or any reference to perform this?
Thanks!
I wrote transfer splunk knowledge objects for this purpose. The code could do with a re-write/cleanup but it might work for what you want...its not an app but a script...
It eventually became part of Version Control for Splunk (github) VersionControl for Splunk (splunkbase)
You could do something similar to version control for Splunk but that would require a little bit of work, I'd considered making a transfer app but I don't have that requiremnet for now
Hi @mufthmu
the best approach is that you and your colleagues always work in an app, not in Splunk Search and Reporting app.
In this way you can migrate or copy not only dashboards and alerts, bat also alla the knowledge objecs (fields, tags, eventtypes, etc...) in a very easily way: you have to copy the app from an instance into another.
In few words, an app is an empty container where are located all the knowledge objects, so you could establish a rule for yourself and your colleagues that, before create a dashboard, an alert or another knowledge objects, you enter in an existing app or you create a new one, in this way you have all in this container (the app) that you can move, copy or simply backup.
In addition, in this way you can easily manage user grants on the knowledge objects.
For more information see https://dev.splunk.com/enterprise/docs/developapps/createapps/createsplunkapp/
Ciao.
Giuseppe