Other Usage

How to maintain savedsearches.conf in code repository?

leomax
New Member


Hello ,
I am trying to figure out how to enable users to maintain their saved searches , reports and alerts in version control.
Application teams login to Splunk UI and create their own reports , alerts etc.
Those get to be written to savedsearches.conf files , private or shared.

So application owners want their portion of the configuration be available to them to maintain in , say a Git repo.
We are using clustered searchhead deployment and also have a separate shc deployer system.
Thought about setting up a cron job to git clone /opt/splunk/etc/users/<user-id>/search/local/savedsearches.conf.
I am not sure how it may work, seemed clunky.

Is there any other way for teams (standard users)  to download , track and update their report, alert configuration without use of GUI ?

Thanks.

Labels (1)
0 Karma
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...