How do you migrate searches, dashboards, etc. from...

SplunkShawnCt · ‎01-29-2019

Can I move the /splunk/etc/apps/search/local folder to the deployers shcluster/apps/search/local folder? (And then push package?)

Reading the documentation it seems this would be a bad idea, but I want to move the savedsearches.conf, macros etc.

Or would it be a better idea to copy these folders to the search heads individually and restart Splunk?

This is from docs:

Caution: Do not use the deployer to
push default apps, such as the search
app, to the cluster members. In
addition, make sure that no app in the
configuration bundle has the same name
as a default app. Otherwise, it will
overwrite that app on the cluster
members. For example, if you create an
app called "search" in the
configuration bundle, it will
overwrite the default search app when
you push it to the cluster members.

dkeck · ‎01-29-2019

HI,

I guess you had a look at this: https://docs.splunk.com/Documentation/Splunk/7.2.3/DistSearch/Migratefromstandalonesearchheads

If you read futher down its says: You can migrate custom settings in the app itself by moving them to a new app and exporting them globally. The migration procedure in this topic includes a step for this.

So just perform whats stated here: https://docs.splunk.com/Documentation/Splunk/7.2.3/DistSearch/Migratefromstandalonesearchheads#Migra...

dkeck · ‎01-31-2019

any luck with that? Please accept the answer if it helped 🙂

How do you migrate searches, dashboards, etc. from a standalone search head to a new search head cluster?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes