Alerting

Is there any documentation on automating alerts and dashboard migration by using an app?

mufthmu
Path Finder

Hi,
I have been migrating Splunk's alerts and dashboard from one instance to another by transferring the .xml files (for dashboard) and the saversearches.conf files (for alerts) from the old instance to another one.
However, there must be some way to automate this so other people in my team can do it with ease and efficiency by using the app.
Is there a documentation or any reference to perform this?
Thanks!

0 Karma

gjanders
SplunkTrust
SplunkTrust

I wrote transfer splunk knowledge objects for this purpose. The code could do with a re-write/cleanup but it might work for what you want...its not an app but a script...

It eventually became part of Version Control for Splunk (github) VersionControl for Splunk (splunkbase)

You could do something similar to version control for Splunk but that would require a little bit of work, I'd considered making a transfer app but I don't have that requiremnet for now

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @mufthmu
the best approach is that you and your colleagues always work in an app, not in Splunk Search and Reporting app.
In this way you can migrate or copy not only dashboards and alerts, bat also alla the knowledge objecs (fields, tags, eventtypes, etc...) in a very easily way: you have to copy the app from an instance into another.
In few words, an app is an empty container where are located all the knowledge objects, so you could establish a rule for yourself and your colleagues that, before create a dashboard, an alert or another knowledge objects, you enter in an existing app or you create a new one, in this way you have all in this container (the app) that you can move, copy or simply backup.
In addition, in this way you can easily manage user grants on the knowledge objects.
For more information see https://dev.splunk.com/enterprise/docs/developapps/createapps/createsplunkapp/

Ciao.
Giuseppe

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...