Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How can I migrate users' existing knowledge objects within their own user directories to a search head cluster so they can delete them via the gui?

Lucas_K
Motivator
‎04-15-2015 10:47 PM

I've encountered an issue when migrating from a search head pool to a cluster. Users are unable to delete their own objects (savedsearches/macros/dashboards etc).

This is due to how I deployed them originally using the deployer. As such I need to manually delete them from the deployer and then apply that bundle to the cluster to remove them.

As I am doing another migration I would like to know the best way to move the users' objects across so I don't get stuck like this again.

So my question is, how can I initially migrate users knowledge objects contained within their own user dirs into a search head cluster so that they have the ability to delete their own objects like they did before?

0 Karma
Reply

traxxasbreaker
Communicator
‎09-01-2017 04:44 PM

This was the advice I'd gotten and implemented to move into a search head cluster. In my case it was standalone to cluster but these steps should still accomplish what you're looking for.

  1. Put only the default directories of the apps from your old environment on the deployer. Make sure you do not inadvertently put the search app on the deployer, trust me when I say the results are not pretty if you do and that gets pushed.
  2. Push the bundle from your deployer.
  3. Copy the users directory and the local directories of the apps to each search head cluster members. This way, since they're not defined on the deployer, users will be able to delete them and fully manage their own objects.
  4. Do a rolling restart to apply those local and user updates.
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...