Is there any documentation on automating alerts and dashboard migration by using an app?

mufthmu
Path Finder

Hi,
I have been migrating Splunk's alerts and dashboards from one instance to another by transferring the .xml files (for dashboards) and the savedsearches.conf files (for alerts) from the old instance to another one.
However, there must be some way to automate this so other people in my team can do it with ease and efficiency by using the app.
Is there any documentation or reference on how to do this?
Thanks!

gjanders
SplunkTrust

I wrote transfer splunk knowledge objects for this purpose. The code could do with a re-write/cleanup but it might work for what you want... it's not an app but a script...

It eventually became part of Version Control for Splunk (GitHub) / VersionControl for Splunk (Splunkbase).

You could do something similar to Version Control for Splunk, but that would require a little bit of work. I'd considered making a transfer app but I don't have that requirement for now.

gcusello
SplunkTrust

Hi @mufthmu,
the best approach is for you and your colleagues to always work in an app, not in the Splunk Search and Reporting app.
In this way you can migrate or copy not only dashboards and alerts, but also all the knowledge objects (fields, tags, eventtypes, etc.) in a very easy way: you have to copy the app from one instance to another.
In a few words, an app is an empty container where all the knowledge objects are located, so you could establish a rule for yourself and your colleagues that, before creating a dashboard, an alert or another knowledge object, you enter an existing app or create a new one. In this way you have everything in this container (the app), which you can move, copy or simply back up.
In addition, in this way you can easily manage user grants on the knowledge objects.
For more information see https://dev.splunk.com/enterprise/docs/developapps/createapps/createsplunkapp/

Ciao.
Giuseppe

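The app-as-container approach from the answer above, as an added example that is not part of the original thread or any Splunk tooling: it lists the saved searches/alerts and dashboards held in one app directory and packs the app into an archive for copying to another instance. The app name `team_app`, the sample search and the choice to leave `local/passwords.conf` out of the archive are assumptions of this example.

```python
import re, tarfile, tempfile
from pathlib import Path

STANZA = re.compile(r"^\[([^\]]+)\]\s*$")

def conf_stanzas(conf_path):
    """Stanza names in a .conf file. Backslash-continued lines are skipped:
    a multi-line search can hold a '[subsearch ...]' line that looks like a stanza."""
    names, continued = [], False
    for line in Path(conf_path).read_text(encoding="utf-8").splitlines():
        m = None if continued else STANZA.match(line)
        if m and m.group(1) != "default":
            names.append(m.group(1))
        continued = line.rstrip().endswith("\\")
    return names

def inventory(app_dir):
    """Saved searches/alerts and dashboards stored inside one app directory."""
    app, searches, dashboards = Path(app_dir), set(), set()
    for layer in ("default", "local"):
        conf = app / layer / "savedsearches.conf"
        if conf.is_file():
            searches.update(conf_stanzas(conf))
        views = app / layer / "data" / "ui" / "views"
        if views.is_dir():
            dashboards.update(p.stem for p in views.glob("*.xml"))
    return {"savedsearches": sorted(searches), "dashboards": sorted(dashboards)}

def package_app(app_dir, out_path, exclude=("local/passwords.conf",)):
    """Write the app to a .tar.gz and return the file names it contains.
    Assumption of this example: stored credentials stay behind."""
    app = Path(app_dir)
    skip = {f"{app.name}/{e}" for e in exclude}
    with tarfile.open(out_path, "w:gz") as tar:
        tar.add(app, arcname=app.name,
                filter=lambda ti: None if ti.name in skip else ti)
    with tarfile.open(out_path) as tar:
        return sorted(m.name for m in tar.getmembers() if m.isfile())

if __name__ == "__main__":
    # Constructed sample app, built in a temp dir so the script runs offline.
    with tempfile.TemporaryDirectory() as tmp:
        views = Path(tmp) / "team_app" / "local" / "data" / "ui" / "views"
        views.mkdir(parents=True)
        (views.parents[2] / "savedsearches.conf").write_text(
            "[Failed logins]\nsearch = index=auth \\\n[search index=assets]\n")
        (views / "auth.xml").write_text("<dashboard/>")
        print(inventory(views.parents[3]))
        print(package_app(views.parents[3], Path(tmp) / "team_app.tar.gz"))
```

Comparing the inventory on the source and target instances after unpacking is a quick check that nothing was left behind in another app or in a user's private directory.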