Splunk application renaming without losing existing user data

Moogsoft
Observer

I have an application on Splunkbase and want to rename it along with the commands and custom action.

I have updated the app name by renaming the folder and updating the app ID. I've also updated the commands and custom action with the new name.

While testing it on my local Splunk instance, I observed that the existing application isn't getting replaced with the new one, as the folder name and app name/ID are different compared to the older version.

I believe that is fine as I can ask users to remove it from their instances, but I want the saved searches as well as local data of the older app to be available in the renamed app (newer app) but I'm unable to find any appropriate way of doing so.

Lastly, there was a post in the community where the solution was to clone the local data from the older app to the newer app, but that isn't feasible for me as I don't have access to the instances where users have the older app installed.

Can someone please help me with this?

Also, I had a few other questions related to older applications:

  1. What is the procedure for deleting an already existing application on Splunkbase?
    1. Is emailing Splunk support the only way?
    2. Tried app archiving but it doesn't restrict the users from installing it.
  2. Is there a way to transfer the old Splunk application or account to a new account? Any alternative to emailing the Splunk support team?


TL;DR

  1. How can I replace the already installed application on the user's end with the newly renamed application in Splunk?
    1. Since the names of the applications differ, Splunk installs a separate app for the new name instead of updating the existing one.
  2. If there are users who are already using the existing application and have the application's saved configurations and searches, how can we get it migrated to the newly renamed application?
0 Karma

PickleRick
SplunkTrust

Wait a second.

Splunkbase is a channel for application distribution. While in standalone server setups you can pull an app directly from Splunkbase, it's not meant to be your deployment server.

Trying to pull some tricks with the application ID and renaming "in place" is a relatively ugly solution. Why not just release a new app and provide docs for migration between those "versions"?

0 Karma

Moogsoft
Observer

@PickleRick Thanks for the reply. Yes, I meant the same, i.e. Splunkbase is a channel for application distribution.

I agree that we can release a new app along with migration steps. Still, I'm looking for a solution where existing application users can seamlessly move to the newly renamed application without having to worry about replicating the same saved searches and app setup in the newer app.

0 Karma

isoutamo
SplunkTrust
It’s possible to do an almost seamless migration for end users, as I said in my previous post. But it needs some manual work from admins and, of course, enough documentation for both.
0 Karma

isoutamo
SplunkTrust

Hi,

As you have renamed the app and changed the AppId, this is a totally new application without any reference to the old one. There is no automatic way to migrate all those KOs from the old app, and especially from users' private folders.

If those installations are on-prem, then you could use e.g. this script/solution: https://community.splunk.com/t5/Dashboards-Visualizations/Can-we-move-the-saved-searches-or-knowledg...

You could try to modify this script to work remotely with Splunk Cloud, but it needs some work and I'm not sure whether you can even do it.

I have no experience with how to remove an app from Splunkbase. Probably it can be done with a service request? At least you could update the old app and tell everyone that they should use your new one.
r. Ismo

0 Karma
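
The on-prem copy discussed in the post above, as an added example that is not part of the thread and is not the linked script: it copies the old app's `local` settings, `metadata/local.meta` permissions and each user's private folder into the renamed app without overwriting anything the new app already has. It assumes the standard `$SPLUNK_HOME/etc/apps` and `$SPLUNK_HOME/etc/users` layout; the function names are hypothetical, and it does not rewrite references to renamed commands, it only lists them with `stale_refs`.

```shell
#!/bin/sh
# Added example (not from the thread). Run as the Splunk OS user, Splunk stopped.

# copy_tree SRC DST: copy every file under SRC into DST, never overwriting
# a file the new app already has. Prints each path it creates.
copy_tree() {
    src=$1; dst=$2
    [ -d "$src" ] || return 0
    (cd "$src" && find . -type f) | while IFS= read -r rel; do
        rel=${rel#./}
        if [ -e "$dst/$rel" ]; then
            echo "skip (exists): $dst/$rel" >&2
        else
            mkdir -p "$(dirname "$dst/$rel")"
            cp -p "$src/$rel" "$dst/$rel"   # -p keeps mode and timestamps
            echo "$dst/$rel"
        fi
    done
}

# migrate_app SPLUNK_HOME OLD_APP NEW_APP
migrate_app() {
    etc="$1/etc"; old=$2; new=$3
    [ -d "$etc/apps/$old" ] || { echo "old app not found: $old" >&2; return 1; }
    [ -d "$etc/apps/$new" ] || { echo "install $new first" >&2; return 1; }
    # App-level knowledge objects and their permissions (local only, not default).
    copy_tree "$etc/apps/$old/local" "$etc/apps/$new/local"
    if [ -f "$etc/apps/$old/metadata/local.meta" ] &&
       [ ! -e "$etc/apps/$new/metadata/local.meta" ]; then
        mkdir -p "$etc/apps/$new/metadata"
        cp -p "$etc/apps/$old/metadata/local.meta" "$etc/apps/$new/metadata/"
    fi
    # Private objects: etc/users/<user>/<old app> -> etc/users/<user>/<new app>
    for udir in "$etc"/users/*/"$old"; do
        [ -d "$udir" ] || continue
        copy_tree "$udir" "$(dirname "$udir")/$new"
    done
}

# stale_refs SPLUNK_HOME NEW_APP OLD_NAME: migrated files that still mention
# OLD_NAME (for example a renamed custom command) and need manual editing.
stale_refs() {
    grep -rlF -- "$3" "$1/etc/apps/$2/local" "$1"/etc/users/*/"$2" 2>/dev/null || true
}
```

Call it as `migrate_app "$SPLUNK_HOME" old_app new_app` after installing the renamed app, then run `stale_refs` with each old command or action name before restarting Splunk.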

Moogsoft
Observer

@isoutamo Thanks for the reply. I'm afraid to go the scripts route, but I'll still check whether there is any other solution I can find, as I'm looking to move the existing users from the old application to the renamed one without much effort.

0 Karma