Alerting

Is there any documentation on automating alerts and dashboard migration by using an app?

mufthmu
Path Finder

Hi,
I have been migrating Splunk's alerts and dashboards from one instance to another by transferring the .xml files (for dashboards) and the savedsearches.conf files (for alerts) from the old instance to the other one.
However, there must be some way to automate this so other people in my team can do it with ease and efficiency by using the app.
Is there any documentation or reference for performing this?
Thanks!

0 Karma

gjanders
SplunkTrust

I wrote transfer splunk knowledge objects for this purpose. The code could do with a re-write/cleanup but it might work for what you want... it's not an app but a script...

It eventually became part of Version Control for Splunk (GitHub) / VersionControl for Splunk (Splunkbase).

You could do something similar to Version Control for Splunk, but that would require a little bit of work. I'd considered making a transfer app but I don't have that requirement for now.

0 Karma

gcusello
SplunkTrust

Hi @mufthmu,
the best approach is that you and your colleagues always work in an app, not in the Splunk Search and Reporting app.
In this way you can migrate or copy not only dashboards and alerts, but also all the knowledge objects (fields, tags, eventtypes, etc...) very easily: you have to copy the app from one instance to another.
In a few words, an app is an empty container where all the knowledge objects are located, so you could establish a rule for yourself and your colleagues that, before creating a dashboard, an alert or another knowledge object, you enter an existing app or you create a new one. In this way you have everything in this container (the app), which you can move, copy or simply back up.
In addition, in this way you can easily manage user grants on the knowledge objects.
For more information see https://dev.splunk.com/enterprise/docs/developapps/createapps/createsplunkapp/

Ciao.
Giuseppe

0 Karma
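
The app-copy approach from the answer above, as an added example that is not part of the thread or of any Splunk tooling: shell functions that inventory an app's dashboards and saved searches, archive the whole app (including `metadata/`, where the permissions live), and check that nothing was left out. The function names, the app name and the paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). App names and paths are constructed.

# Knowledge-object files named in the thread, relative to the apps directory:
# dashboard views (*.xml) and savedsearches.conf, in default/ and local/.
list_objects() {
    apps_dir=$1; app=$2
    ( cd "$apps_dir" &&
      find "$app" -type f \( -path '*/data/ui/views/*.xml' \
                             -o -name savedsearches.conf \) | sort )
}

# Distinct saved-search stanza names across default/ and local/
# (a stanza overridden in local/ is counted once; [default] is skipped).
count_saved_searches() {
    grep -h '^\[' "$1/default/savedsearches.conf" \
                  "$1/local/savedsearches.conf" 2>/dev/null |
        grep -v '^\[default\]' | sort -u | wc -l | tr -d ' '
}

# Archive the whole app (default/, local/, metadata/) rooted at the app name,
# so it unpacks directly into the target instance's apps directory.
package_app() {
    apps_dir=$1; app=$2; out=$3
    [ -d "$apps_dir/$app" ] || { echo "no such app: $app" >&2; return 1; }
    tar -czf "$out" -C "$apps_dir" "$app"
}

# Return 0 only if every dashboard and savedsearches.conf on disk is in the
# archive; files that are missing are printed to stderr.
verify_archive() {
    apps_dir=$1; app=$2; out=$3
    tar -tzf "$out" | sort > "$out.list"
    if list_objects "$apps_dir" "$app" | grep -vxF -f "$out.list" >&2; then
        rc=1    # grep printed at least one file that is not in the archive
    else
        rc=0
    fi
    rm -f "$out.list"
    return "$rc"
}
```

On the target instance the archive is unpacked under `$SPLUNK_HOME/etc/apps` and Splunk is restarted so the copied objects are loaded.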