How do you migrate searches, dashboards, etc. from...

SplunkShawnCt · ‎01-29-2019

Can I move the /splunk/etc/apps/search/local folder to the deployers shcluster/apps/search/local folder? (And then push package?)

Reading the documentation it seems this would be a bad idea, but I want to move the savedsearches.conf, macros etc.

Or would it be a better idea to copy these folders to the search heads individually and restart Splunk?

This is from docs:

Caution: Do not use the deployer to
push default apps, such as the search
app, to the cluster members. In
addition, make sure that no app in the
configuration bundle has the same name
as a default app. Otherwise, it will
overwrite that app on the cluster
members. For example, if you create an
app called "search" in the
configuration bundle, it will
overwrite the default search app when
you push it to the cluster members.

dkeck · ‎01-29-2019

HI,

I guess you had a look at this: https://docs.splunk.com/Documentation/Splunk/7.2.3/DistSearch/Migratefromstandalonesearchheads

If you read futher down its says: You can migrate custom settings in the app itself by moving them to a new app and exporting them globally. The migration procedure in this topic includes a step for this.

So just perform whats stated here: https://docs.splunk.com/Documentation/Splunk/7.2.3/DistSearch/Migratefromstandalonesearchheads#Migra...

dkeck · ‎01-31-2019

any luck with that? Please accept the answer if it helped 🙂

How do you migrate searches, dashboards, etc. from a standalone search head to a new search head cluster?

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience

Leverage Cisco Talos Threat Intelligence Across Splunk Security Products

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!