I am trying to find where my search definitions are kept and if there is way that i can put them in version control (in my case, SVN) so that they are included in our continuous integration. Is this possible or are the definitions rows in a db?
Are you talking about savedsearches.conf
?
That file exists in several places, typically in;
/etc/apps/<appname>/local
/etc/system/local
/etc/users/<username>/<appname>/local
Normally no need to look in the corresponding default
directories, except for apps that you yourself create.
Hope this helps,
Kristian
I've been looking at questions and answers about version control of knowledge in Splunk and frankly it's weak to non-existent. There's nothing in the BUI and you're on your own with text files. On non-*x platforms where svn, git, even rcs and make (for placing files) are unknown, this is getting to be a large problem with our customers especially after a few years cranking away developing their own knowledge artifacts. From what I've seen of sourcesafe and other windowsy things, you do not want to go down that road if you can avoid it. So, how about an RFE to include even very basic version control in the BUI so that your latest and maybe a couple of previous diffs of your conf files get stored somewehere, and you can roll back if you want? I shouldn't think this would be much of a stretch, and for extra credit some hooks into popular version control systems would be REALLY nice...:-) SoS is only a partial answer at best and points the way to something better.
I prefer to keep them in a custom app, which you can easily move around.
On the source you can also use something like GIT, to manage not just searches but config files also.
Marinus
Thanks Marinus, we are putting them in to puppet which in turn is VC'd in SVN (both the configs and the config searches).
Are you talking about savedsearches.conf
?
That file exists in several places, typically in;
/etc/apps/<appname>/local
/etc/system/local
/etc/users/<username>/<appname>/local
Normally no need to look in the corresponding default
directories, except for apps that you yourself create.
Hope this helps,
Kristian
ok, well i don't know what the heck i was looking at before, but, yeah..found all the savesearches.conf's. thanks!
that's the file... i thought i had looked there, but didn't see anything. going back to double check...