All Apps and Add-ons

Some enhancement suggestions for the CTCM App

Muryoutaisuu
Communicator

Hi

We have some standalone searchheads. We used to version-control each app on them with subversion, which worked perfectly.

Now we will migrate to a searchhead cluster <i>(shcluster)</i>. Hence version-control with subversion does not work anymore, not without recurring conflicts, which are not user-friendly for our developers. Then I saw your app, and it might solve our problem, were it not for some missing features.

So my question is, are you going to implement following points:

  1. Version comparison of views: <code>/servicesNS/-/-/data/ui/views</code>
  2. Version comparison of lookup files: <code>/servicesNS/-/-/data/lookup-table-files</code>
  3. Version comparison more granular, say in the <code>ct_change_investigation</code> dashboard not only to compare date, but also datetime <i>( date = strftime(_time, "%m/%d/%Y %H:%M:%S") )</i>. My intention would be, to manually trigger a populating search <i>(see http://answers.splunk.com/answers/49891/can-i-manually-trigger-a-scripted-alert.html)&lt;/i> whenever a user wants to save the current state, e.g. when working on views.

That would be very, very nice.

Kind regards, Muryoutaisuu

0 Karma

Runals
Motivator

Those are some great ideas! I'll add them to the list of things I'd like to add to the next version. We are going to be implementing search head clustering next month locally so will see how the app needs to change.

0 Karma
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

A few months ago, we released Splunk Enterprise Security 8.0 for our cloud customers. Today, we are excited to ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...