How can I migrate users' existing knowledge object...

Lucas_K · ‎04-15-2015

I've encountered an issue when migrating from a search head pool to a cluster. Users are unable to delete their own objects (savedsearches/macros/dashboards etc).

This is due to how I deployed them originally using the deployer. As such I need to manually delete them from the deployer and then apply that bundle to the cluster to remove them.

As I am doing another migration I would like to know the best way to move the users' objects across so I don't get stuck like this again.

So my question is, how can I initially migrate users knowledge objects contained within their own user dirs into a search head cluster so that they have the ability to delete their own objects like they did before?

traxxasbreaker · ‎09-01-2017

This was the advice I'd gotten and implemented to move into a search head cluster. In my case it was standalone to cluster but these steps should still accomplish what you're looking for.

Put only the default directories of the apps from your old environment on the deployer. Make sure you do not inadvertently put the search app on the deployer, trust me when I say the results are not pretty if you do and that gets pushed.
Push the bundle from your deployer.
Copy the users directory and the local directories of the apps to each search head cluster members. This way, since they're not defined on the deployer, users will be able to delete them and fully manage their own objects.
Do a rolling restart to apply those local and user updates.

How can I migrate users' existing knowledge objects within their own user directories to a search head cluster so they can delete them via the gui?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes