Solved: What is the best way to transfer reports and alert...

packet_hunter · ‎09-27-2017

I have about 50 reports saved on a search head that is being decommissioned.

Do I have to manually copy the alerts and reports or is there a way to export them from a file and import them to the new search head?

Thank you

MuS · ‎09-27-2017

Hi packet_hunter,

there is a doc about migrating to a search head cluster http://docs.splunk.com/Documentation/Splunk/latest/DistSearch/Migratefromsearchheadpooling#Migrate_t... which provides all steps you need to do - ignore step 4 & 5 in your case.

Another approach is to create an App and move your searches into this app (make sure they are not private), export/package the app http://docs.splunk.com/Documentation/Splunk/latest/Admin/CLIadmincommands#Commands.2C_objects.2C_and... , and install it on the new search head.

Hope this helps ...

cheers, MuS

MuS · ‎09-27-2017

Hi packet_hunter,

there is a doc about migrating to a search head cluster http://docs.splunk.com/Documentation/Splunk/latest/DistSearch/Migratefromsearchheadpooling#Migrate_t... which provides all steps you need to do - ignore step 4 & 5 in your case.

Another approach is to create an App and move your searches into this app (make sure they are not private), export/package the app http://docs.splunk.com/Documentation/Splunk/latest/Admin/CLIadmincommands#Commands.2C_objects.2C_and... , and install it on the new search head.

Hope this helps ...

cheers, MuS

packet_hunter · ‎09-28-2017

Thank you !

What is the best way to transfer reports and alerts from one search head to another search head?