Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I migrate users' existing knowledge objects within their own user directories to a search head cluster so they can delete them via the gui?

Lucas_K
Motivator
‎04-15-2015 10:47 PM

I've encountered an issue when migrating from a search head pool to a cluster. Users are unable to delete their own objects (savedsearches/macros/dashboards etc).

This is due to how I deployed them originally using the deployer. As such I need to manually delete them from the deployer and then apply that bundle to the cluster to remove them.

As I am doing another migration I would like to know the best way to move the users' objects across so I don't get stuck like this again.

So my question is, how can I initially migrate users knowledge objects contained within their own user dirs into a search head cluster so that they have the ability to delete their own objects like they did before?

0 Karma
Reply

traxxasbreaker
Communicator
‎09-01-2017 04:44 PM

This was the advice I'd gotten and implemented to move into a search head cluster. In my case it was standalone to cluster but these steps should still accomplish what you're looking for.

  1. Put only the default directories of the apps from your old environment on the deployer. Make sure you do not inadvertently put the search app on the deployer, trust me when I say the results are not pretty if you do and that gets pushed.
  2. Push the bundle from your deployer.
  3. Copy the users directory and the local directories of the apps to each search head cluster members. This way, since they're not defined on the deployer, users will be able to delete them and fully manage their own objects.
  4. Do a rolling restart to apply those local and user updates.
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...