Alerting

Is there any documentation on automating alerts and dashboard migration by using an app?

mufthmu
Path Finder

Hi,
I have been migrating Splunk's alerts and dashboards from one instance to another by transferring the .xml files (for dashboards) and the savedsearches.conf files (for alerts) from the old instance to another one.
However, there must be some way to automate this so other people in my team can do it with ease and efficiency by using the app.
Is there any documentation or reference on how to do this?
Thanks!

0 Karma

gjanders
SplunkTrust

I wrote transfer splunk knowledge objects for this purpose. The code could do with a re-write/cleanup but it might work for what you want... it's not an app but a script...

It eventually became part of Version Control for Splunk (GitHub) / VersionControl for Splunk (Splunkbase)

You could do something similar to Version Control for Splunk, but that would require a little bit of work. I'd considered making a transfer app, but I don't have that requirement for now.

0 Karma

gcusello
SplunkTrust

Hi @mufthmu
the best approach is that you and your colleagues always work in an app, not in the Splunk Search and Reporting app.
In this way you can migrate or copy not only dashboards and alerts, but also all the knowledge objects (fields, tags, eventtypes, etc...) in a very easy way: you have to copy the app from one instance to another.
In a few words, an app is an empty container where all the knowledge objects are located, so you could establish a rule for yourself and your colleagues that, before creating a dashboard, an alert or another knowledge object, you enter an existing app or you create a new one. In this way you have everything in this container (the app), which you can move, copy or simply back up.
In addition, in this way you can easily manage user grants on the knowledge objects.
For more information see https://dev.splunk.com/enterprise/docs/developapps/createapps/createsplunkapp/

Ciao.
Giuseppe

0 Karma
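An added example (not from any of the posts above and not Splunk's own code) of the "copy the whole app" approach: it inventories the alerts and dashboards inside one app directory and packs the app, including `metadata/` where the permissions live, into a single archive. The app name `team_app`, its contents and the function names are constructed for illustration; the `default/`, `local/` and `metadata/` layout is the standard app layout.

```python
import re
import tarfile
import tempfile
from pathlib import Path

STANZA = re.compile(r"^\[([^\]]+)\]\s*$")  # a conf stanza header, e.g. [My alert]

def inventory(app_dir):
    """Return (saved search names, dashboard names) stored inside one app."""
    app, searches, views = Path(app_dir), set(), set()
    for layer in ("default", "local"):
        conf = app / layer / "savedsearches.conf"
        if conf.is_file():
            for line in conf.read_text(encoding="utf-8").splitlines():
                m = STANZA.match(line)
                if m and m.group(1) != "default":  # [default] holds global settings
                    searches.add(m.group(1))
        views_dir = app / layer / "data" / "ui" / "views"
        if views_dir.is_dir():
            views.update(p.stem for p in views_dir.glob("*.xml"))
    return sorted(searches), sorted(views)

def package_app(app_dir, out_dir):
    """Write <app>.tgz holding the whole app so permissions travel with the objects."""
    app = Path(app_dir)
    archive = Path(out_dir) / f"{app.name}.tgz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(app, arcname=app.name)
    return archive

def build_sample_app(root):
    """Constructed sample app so the example runs offline."""
    app = Path(root) / "team_app"
    (app / "local" / "data" / "ui" / "views").mkdir(parents=True)
    (app / "metadata").mkdir()
    (app / "local" / "savedsearches.conf").write_text(
        "[Failed logins over threshold]\n"
        "search = index=auth action=failure | stats count by user\n"
        "cron_schedule = */15 * * * *\n", encoding="utf-8")
    (app / "local" / "data" / "ui" / "views" / "auth_overview.xml").write_text(
        "<dashboard><label>Auth overview</label></dashboard>", encoding="utf-8")
    (app / "metadata" / "local.meta").write_text(
        "[savedsearches]\naccess = read : [ * ], write : [ admin ]\n", encoding="utf-8")
    return app

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        app = build_sample_app(tmp)
        print(inventory(app))
        with tarfile.open(package_app(app, tmp)) as tar:
            print(tar.getnames())
```

Objects that a user kept private are stored under `etc/users/<user>/<app>/` rather than in the app directory, so they are not picked up until they are shared at app level.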